Best Practice Update

Background photo of digital folders around a shield in blue and white. A bag of money in a trolley. Text says procuring a new MIS. Data Protection Education logo

DfE Guidance: Choosing a new MIS

✅📃 An MIS (management information system) is a critical part of the school's day to day operations and digital infrastructure.  They can be on premise or in the cloud, which means contract terms can differ.  We highlight the latest guidance alongside what is already data protection law - you should follow this, even if you are procuring your MIS through your local authority or third party IT provider.

Read more …

  1. Sharing photos on World Book Day: Privacy considerations
  2. HCRG Care Group data breach
  3. DPE MAT Conference 2026 - Save the Date!
  4. The Importance of AI literacy and training staff
  5. How to verify visitors the right way
  6. Short Guide to AI Video
  7. Safer Internet Day, Cyber Security & Data Protection
  8. The Cyber Resilience Championship
  9. The Multiple Dimensions of Supplier Due Diligence
  10. New Data Protection Fees
  11. School shares sensitive pupil information as part of an FOI response
  12. AI (Artificial Intelligence) Best Practice Area & Policy
  13. Blacon High School Cyber Attack
  14. WhatsApp and FOI's: ICO Warnings
  15. New AI Guidance from the DfE
  16. What the proposed Government legislative proposal around cyber crime means
  17. DPE Webinar Schedule
  18. ICO report on AI tools in recruitment
  19. DfE update to record keeping and management
  20. Update to data sharing for school immunisation programmes
  21. Early Years Settings and Cyber Security
  22. SLT Digital Lead Profile
  23. The role of governors in cyber security and data protection
  24. Navigating Privacy at the End of Term , Special Occasions and End of Year
  25. Contracts Register
  26. DfE Digital Standards Autumn Update
  27. The importance of knowing how to access your CCTV footage!
  28. Cyber Attack on a Special School
  29. Stealing children's data
  30. What is dark data? (and why does it matter?)
  31. Ofqual highlights the value of cyber security training in schools
  32. Searching for data when you receive a Subject Access Request
  33. Fylde Coast Academy Trust Cyber Attack This Week
  34. Calling all IT leads in schools and mult academy trusts!
  35. Ransomware cyber attack on a school in Bromley
  36. The Data Protection Lead/Champion Role
  37. Join Our Social Media Family!
  38. School hit by Cyber Attack
  39. New Academic Year Kick-Off!
  40. Cyber Security Best Practice Area
  41. DfE Digital Standards for Schools and Colleges Tracker
  42. New Policies, Documents, Letters and Posters page
  43. Schools and Trusts Best Practice Area
  44. The DPE Retention Schedule
  45. Making the Rounds Update (now includes reporting)
  46. ESFA Cyber Essentials Requirement for Colleges from 2024/2025
  47. ICO Reprimands a School
  48. Navigating Privacy at the End of Term , Special Occasions and End of Year
  49. Out of date technology
  50. Data Retention and the Pupil File
  51. Have you assigned your SLT Digital Lead yet?
  52. Getting Started with AI (Artificial Intelligence)
  53. Cyber attack on a school during half term
  54. Update to the DfE Digital Cyber Security Standards for Schools and Colleges (May 2024)
  55. The rise of cyber attacks in schools are causing pupils to miss classes
  56. ICO: Learning from the mistakes of others report
  57. Cyber attack on a Trust; the aftermath
  58. School Focus: The Vale Federation | Aylesbury
  59. DfE Dealing with Subject Access Requests (SARs) Guidance
  60. Update to the Guidance on Information Sharing from the DfE
  61. FOI Requests generated by Artificial Intelligence
  62. Social Media Best Practice Area
  63. Lettings Best Practice Area
  64. Appropriate filtering and monitoring definitions
  65. MFA Bombing - What is it?
  66. Protecting your Social Media Accounts
  67. Why we recommend using checklists
  68. Product Focus on Checklists : Initial Trust Plan
  69. Product Focus on Checklists : End of Term Checklist
  70. Product Focus on Checklists : Information and Cyber Security
  71. Product Focus on Checklists : Social Media
  72. Product Focus on Checklists : Lettings
  73. Product Focus on Checklists : Record of Processing
  74. Milk Island: The secret location that allows children to view restricted content on Google Maps
  75. Why Data Should Stay Put: Benefits of Keeping Data in Its Original System
  76. Product Focus on Checklists : Data Retention and Destruction
  77. Product Focus on Checklists : Data Migration
  78. Product Focus on Checklists : Biometrics
  79. Product Focus on Checklists : Supplier Due Diligence
  80. Free Cyber help, advice and training with the Cyber Resilience Centres
  81. The Perils of Paper: The Printing Vulnerability
  82. Product Focus on Checklists : FOI
  83. Product Focus on Checklists : Governors and Data
  84. Product Focus on Checklists : DPIA
  85. Product Focus on Checklists : Site Moves
  86. Product Focus on Checklists : Data Breaches
  87. Product Focus on Checklists : Subject Access Requests
  88. Product Focus on Checklists : Bring your own device
  89. Product Focus on Checklists : Working out of school/offsite
  90. Cyber Attack on a School
  91. Product Focus on Checklists : Redaction
  92. Why Due Diligence is Important: Fake apps
  93. Product Focus on Checklists : CCTV
  94. Product Focus on Checklists : Clear desk
  95. Product Focus on Checklists : Commitment to compliance
  96. Product Focus on Checklists : Photos and video
  97. Product Focus on Checklists : Passwords
  98. Product Focus on Checklists : Information Classification
  99. Free cyber training for staff
  100. DfE Digital Standards Update
  101. The Mother of all Breaches
  102. International Data Transfers (part 1): Navigating Cross-Border Data Transfers: Understanding EU SCCs, UK Addendum, and UK IDTA
  103. ClassCharts Possible Data Breach
  104. Where is your data stored?
  105. IAPP looks at AI privacy risks
  106. If you suspect a financial scam .....
  107. School Focus: St Bernadette's Catholic Primary School | Brighton
  108. Guardians of Privacy: 16. Social Media Checklist
  109. Guardians of Privacy: 15. Navigating Social Media in Educational Settings Summary
  110. Guardians of Privacy: 14. Social Media and Cyber Bullying
  111. Guardians of Privacy: 13. Social Media, Copyright and Intellectual Property
  112. Guardians of Privacy: 12. Social Media and Going Viral
  113. Guardians of Privacy: 11. Staff Social Media Accounts
  114. Guardians of Privacy: 10. Social Media and Cookies
  115. Guardians of Privacy: 9. Social Media and Morality
  116. New Resources for Schools from the ICO
  117. Guardians of Privacy: 8. Social Media Policies
  118. Guardians of Privacy: 7. Social Media Data Retention
  119. Guardians of Privacy: 6. Posting Safely
  120. Guardians of Privacy: 5. Social Media and Consent
  121. Guardians of Privacy: 4. Social Media Access Control
  122. Guardians of Privacy: 3. Social Media Channels
  123. Guardians of Privacy: 2. Law and Regulations
  124. Guardians of Privacy: 1. Social media, privacy and children
  125. The ICO reprimands a Multi Academy Trust
  126. KCSIE: Filtering, Monitoring and Privacy
  127. Guidance for the use of school email and applying email retention in schools
  128. Data Protection Tips for Early Years Settings
  129. Children's Privacy around the world is a puzzle
  130. Trust Initial Plan Checklist Update
  131. Records Management Best Practice Update
  132. Governors and Data Best Practice Area Update
  133. What do I need to redact?
  134. Trust Initial Plan for Data Protection Compliance (for Multi Academy Trusts)
  135. Google for Education Resources: Helping IT Admins meet DfE digital and technology standards
  136. Lettings Best Practice and Guidance
  137. Considerations when migrating to a new MIS
  138. Public bodies and sensitive data
  139. Get a DPE Badge for your website!
  140. ICO: 10 Step guide to sharing information to safeguard children
  141. Help after a Cyber Attack/Incident
  142. Data Protection and Cyber Security (Inset Day) Training Ideas
  143. How KCSIE is linked to Cyber Strategy
  144. Handling Freedom of Information Requests the right way
  145. Where's Harry the Hacker?
  146. The ICO Reprimands a school
  147. Subject Access Requests (SARs)
  148. Redaction Guidelines Updated
  149. Using WhatsApp in Schools
  150. How to contact us for support, subject access requests, data breaches and FOI's
  151. FOI: Reinforced Autoclaved Aerated Concrete
  152. FOI: Henry Jackson Society
  153. FOI: Vaccination Justifications
  154. How the Record of Processing Can Help You
  155. What does a Data Protection Officer Do?
  156. Blog: Best Practice on the Retention of Child Protection Information
  157. Carrying out Supplier Due Diligence
  158. Email and retention periods
  159. How Long Should You Keep Personal Data For?
  160. Sharing this year’s Nativity play online
  161. A quick introduction to the Phishing Simulation tool
  162. B&H FoI: Racist/religious incidents/bullying
  163. Protocol for Setting Up and Delivery of Online Teaching and Learning
  164. Class Dojo International Data Sharing
  165. Model Publication Scheme: Amendments, Improvements and Updates
  166. Transparency
  167. Parents and students covertly recording conversations
  168. SAR? ER? FOI?
  169. Research projects and GDPR
  170. Secure file transfer of files using Royal Mail
  171. Emergency contacts and consent
  172. Key elements of a successful DPIA
  173. FOI Publication Schemes
  174. Best Practice for Managing Photos and Video
  175. New Drip Feeds: Recognise and Respond to Subject Access Request
  176. When to contact the Data Protection Officer?
  177. National child measurement programme
  178. Make sure DPE is your registered DPO with the ICO
  179. Headteacher fined for breach of data protection legislation

Search