Email is the classic data protection issue - it's not about the system where we store things, it's about the process and how that data is used. So ask yourself, what is the content of the email and what does it relate to?

For most organisations, a lot of thought and care goes into ensuring that when you’re collecting data, you are complying with the relevant data protection legislation- that it’s being collected with consent where required, that you have a lawful basis etc. However,

How to share this year’s Nativity play online safety

Schools will have good intentions in wanting to share this year’s Nativity play online. But how do you ensure you do this safely and adhere to the latest data protection regulations? Below is some guidance which will support you in this task.

Schools in Brighton and Hove have received the following Freedom of Information request:

1. Please send me copies/scans/digital files that record individual racist/religious incidents/bullying incidents in terms of numbers of incidents and their

These protocols aim to ensure that online lessons with pupils when working from home, are safe, secure and continue to provide high-quality education using a virtual platform. 

This is guidance for setting up and managing online lessons using the school’s chosen platform ie  Zoom; Google or Microsoft teams.

Users of Class Dojo will recently have noticed that a requirement to provide consent for international data transfers was included to the login screen.

It is a requirement under the Freedom of Information Act and ICO to set out your commitment to making certain classes of information routinely available, such as policies and procedures, minutes of meetings, annual reports and financial information.

Transparency is about being clear, open and honest with your users about what they can expect from you.

We've had a few questions recently about parents and students recording conversations with members of staff, both covertly or overtly without seeking permission. This article only covers recordings made by external individuals, not organisations or individuals acting on behalf of an organisation.

We know the jargon can be confusing. As can the timelines for responding to the various requests that you receive.

Is it a month? Or 30 days? Are those working days?

So here's a little chart to simplify everything:

Research projects have quite a bit of leeway in GDPR - and whereas GDPR tightened a lot of things up from the old data protection directive, it actually frees up a lot relating to research.

We've recently had more than one breach reported where physical files have got lost in the post.

In such cases, the sender remains the data controller and is responsible for ensuring that the optimum data security measures are in place during transfer. Where possible, consider whether a physical drop-off (and get a receipt) is a more secure option.