You need to comply with the a14 duty unless an exemption from schedule 2 parts 1, 2 or 3 applies, or unless one of the other conditions of a14(5) applies, plus you need a processing condition - a6 GDPR and into s8 DPA 18 - statutory function - if it's 6(e), and a10 GDPR and schedule 1 parts 1, 2 or 3 if the information about the individual relates to criminal convictions or offences.
I agree that it's easier to operate a list of 'approved' people for collection, but there might be any number of reasons a parent/guardian would ask the school to tell either them or the police if a certain individual contacted or came to the nursery. This is a slightly different approach to operating a 'no permission to collect' list; everyone but those with parental responsibility should be on this list by default...
This makes it more complicated than choosing a condition for having a 'no permission to collect' list, but I think maybe the situation is more complicated than others suggest. You need to look at the circumstances of each instance of a parent/guardian alerting you to issues with an individual and why you are processing this third party's information - e.g. prevention of crime if it would break bail conditions for them to try to contact the child, or perhaps safeguarding if there are issues that are not criminal.
Consultation with the nursery and a policy (perhaps an update to the safeguarding policy) might be in order.
Dan
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Michael Lockton
Sent: 16 April 2018 09:37
To: [log in to unmask]
Subject: [data-protection] 'Rogues Gallery' question
The scenario is:
A nursery asks parents/guardians to supply name and photograph of anyone who is specifically not allowed to collect their child. The person may or may not have a restraining order applied, and has not given consent to the processing.
What is the legal basis?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|