GDPR inspections: what to prove with your play centre records
Consents, minimisation and traceability. A checklist for regulator visits or internal audits.
When a parent complains or compliance is reviewed, “we have it in a notebook” is not enough. For children’s data, what matters is what you can demonstrate with ordered records.
Five pillars inspectors often ask about
- Legal basis and purpose for each data field (signup, alerts, billing).
- Versioned consents (what was accepted, when, which text).
- Minimisation: only necessary fields at signup and in the portal.
- Rights: access, rectification, erasure within a reasonable time.
- Roles: which staff can see which screens.
LudoSAFE logs consents and rights requests from the family portal.
Document checklist (before a visit)
| Document / record | Where it should live |
|---|---|
| Up-to-date privacy policy | Website + linked at signup |
| Record of processing activities | Your DPO / counsel documentation |
| Consent evidence per family | Software, not paper alone |
| Breach procedure | Internal, known to management |
| Basic staff training | Session notes or register |
Software does not replace a DPO — it makes operational evidence easier to extract.
Mistakes that weaken your position
- Children’s photos on staff WhatsApp groups.
- Full exports to Excel without copy control.
- Keeping data “just in case” without a retention rule.
See also GDPR and children’s data.
Conclusion
Passing scrutiny comes down to consistency between your privacy promise and what the system shows when asked.