We've updated our document redaction guidelines to include more information on the techniques available as well as exemptions.

https://dataprotection.education/best-practice-library/best-practice/redaction

This article is about the use of WhatsApp as a communication tool in schools and recent vulnerabilities. It discusses school staff using WhatsApp as a communication method for school business.

We are sometimes asked by staff whether it is OK for staff to be in a WhatsApp group for important school messages. Staff often wish to use it because it is an easy way to communicate and a platform that a lot of people are familiar with.  It is also free. There are issues around this:

This article lists the ways that Data Protection Education can be contacted for general data protection queries, data breaches, subject access requests and freedom of information requests.

While all our customers have a dedicated consultant who can be contact directly, if there is an urgent issue we would always advise emailing This email address is being protected from spambots. You need JavaScript enabled to view it..

When you email This email address is being protected from

You may have received this FOI request from ITV News:

(scroll down for our advice)

I am writing to you under the Freedom of Information Act 2000 to request information about any use of Reinforced Autoclaved Aerated Concrete (RAAC) in your school. The questions are outlined in the table below...

This FOI request is doing the rounds:  

My name is Charlotte Littlewood, and I am a Research Fellow at the Henry Jackson Society.

I am writing to you under the Freedom of Information Act 2000 to request the following information:

Do you have any current pupils of South Asian descent? (Yes/No) 

You may have received an email or letter requesting information on the research and justification of the administration of vaccines, such as:

Dear Sir/Madam,
RE: SCHOOL VACCINE POLICY.

In relation to UK Government COVID-19 'Vaccine' Policy and Childhood Immunization ‘Vaccine’ Policy which includes INFLUENZA, HPV, MEASLES AND POLIO, under the protection of the People's Union of Britain, you are hereby served notice of conditional acceptance that yo

The Record of Processing can often seem like a daunting process to undertake- but it’s important to view it as exactly that- a process. Documenting the processes your organisation carries out is an ongoing project that you continue to evolve and develop as those processes change. The value you can get out of spending some time and care by completing various ones shouldn’t be underestimated. We’ve spoken to some of the people who have used the RoP tool on the Knowledge Bank, and asked th

Under UK GDPR, Public Authorities or Bodies, as well as businesses carrying out certain processes are required to appoint a Data Protection Officer (DPO). This article will explain why you need a DPO and what a DPO does for your organisation.

Retention of Child Protection Information is for 25 years from the DOB of the Pupil 

The Education (Pupil Information)(England) Regulations 2005 (SI 2005/1437 states that pupil records should be retained for 25 years from the date of birth of the pupil. 

At Data Protection Education, we are carrying out an ongoing project on assessing potential organisations that our schools are either currently contracted with to supply a product or service, or may in the future be in contract with.

Email is the classic data protection issue - it's not about the system where we store things, it's about the process and how that data is used. So ask yourself, what is the content of the email and what does it relate to?

For most organisations, a lot of thought and care goes into ensuring that when you’re collecting data, you are complying with the relevant data protection legislation- that it’s being collected with consent where required, that you have a lawful basis etc. However,