With the ICO’s Children’s Code being  brought into effect last year, it is now a legal requirement that organisations that deal with children’s data uphold their rights as a priority, according to Article 1 of the Code. As a part of this, the ICO have published their ‘Best Interests of the Child Self Assessment’ tool, which provides guidance and information on how to ensure that if you are collecting children’s data, or plan to do so, that you are acting in the best interests of the children whose data you are collecting, as well as in accordance with the United Nations Convention on the Rights of the Child (UNCRC).

In this edition of cyber news roundup, we’ll be looking at the continuing cyber threat to health and education sectors, the risks that app stores pose to users, and 2021’s most exploited vulnerabilities.

Amazon’s latest entry into the smart home device technology is their Astro bot, which they describe as:

“The household robot for home monitoring, with Alexa. When you're away, use the Astro app to see a live view of your home, check in on specific rooms and viewpoints, and get activity alerts. When you're home, Astro can follow you from room to room playing your favorite music, podcasts or shows, and find you to deliver calls, reminders, alarms, and timers set with Alexa.”

The Record of Processing can often seem like a daunting process to undertake- but it’s important to view it as exactly that- a process. Documenting the processes your organisation carries out is an ongoing process that you continue to evolve and develop as those processes change. The value you can get out of spending some time and care by completing various ones shouldn’t be underestimated. We’ve spoken to some of the people who have used the RoP tool on the Knowledge Bank, and what they found challenging, and what they found the most useful parts of the tool, in the hope that it will help some of you who may feel like carrying out the Record of Processing is a daunting task.

2022 Security Breach Report Published

The Cyber Security Breaches Survey for 2022 has recently been published by The Department for Digital, Culture, Media and Sport- the full version of which you can find by clicking here.

VPN’s have become commonplace over the past couple of years, with every content creator out there having at some point been sponsored by Nord VPN (other VPN providers are available). VPN's are mostly used so that we can watch content on streaming platforms that would otherwise be blocked in the UK. However, as well as allowing you to watch Pulp Fiction on Canadian Netflix, VPN’s have excellent security benefits that can help prevent data breaches and cyber attacks. 

Organisations in Ukraine are the target of Destructive Malware


Agencies in the US and Australia have published alerts in response to a recent increase in cyber threats to organisations in Ukraine, stating that organisations should take steps to mitigate the threat that currently exists from destructive malware.

Data Protection Education are leading specialists in Data Protection for Schools and Trusts, with the key service that offer being a Data Protection Officer (DPO) service. But what does a DPO do? What value do they bring to an organisation, and how do we help you stay data protection compliant?

Under UK GDPR, Public Authorities or Bodies, as well as businesses carrying out certain processes are required to appoint a Data Protection Officer (DPO). This article will explain why you need a DPO and what a DPO does for your organisation.

Recently there has been an annual study published by Ponemon Institute (sponsored by Experian) entitled “Is Your Company Ready for a Big Data Breach?”. The study looks at the state of breach preparedness across organisations over a period of a year,

Microsoft Azure Breach Leads to Student Data Exposure 

Researchers and Clario published a report which outlined how an open Microsoft Azure repository indexed by a public search engine which needed no authentication had been found.

It’s been far too long since we’ve checked in with Facebook (now Meta), and their ongoing mission to make as much money as possible from our data, so we thought we would discuss the Metaverse, with Mark Zuckerberg’s company being at the forefront

The 1st of January, the 25th of December, and the 28th of January- the three biggest dates in the calendar each year for being New Years Day, Christmas Day and of course, Data Privacy Day.

With cyber threats increasing every month, we’ll be looking to provide weekly updates on the different cyber security threats that have taken place recently to highlight all the different ways in which our data can be accessed by those wishing to do harm.

For most organisations, a lot of thought and care goes into ensuring that when you’re collecting data, you are complying with the relevant data protection legislation- that it’s being collected with consent where required, that you have a lawful basis etc. However,

Cyber attacks are on the up, and with the education sector seeing the highest number of cyber attacks of any sector since the start of the pandemic, as well as the highest increase in attacks in that same period

This year, and in particular since the start of this academic year, we’ve been adding new areas to the already extensive functionalities that the Knowledge Bank offers your organisation.

On the 10th of November 2021, The Supreme Court announced their long awaited decision regarding a lawsuit between Mr Lloyd and Google. The court found unanimously in favour of Google, and dismissed the Court of Appeal’s previous decision.

You may be aware that the UK government is currently holding a consultation "Data: A new direction" on the future of data protection law and regulation in the UK.

Here are some thoughts on our opinion.

Another week, another Facebook story. Don’t worry, we're not slowly becoming a Facebook news outlet, they just keep making headlines in the world of data protection, and this time seemingly for a positive reason.

How to share this year’s Nativity play online safety

Schools will have good intentions in wanting to share this year’s Nativity play online. But how do you ensure you do this safely and adhere to the latest data protection regulations? Below is some guidance which will support you in this task.

Judge rules that Amazon Ring doorbells breach GDPR:

A judge in Oxford County Court has ruled that audio recordings from an Amazon Ring doorbell have breached data protection laws. The case involved an individual taking their neighbour to court, stating that the numerous recordings they had from their various cameras they had set up outside their house amounted to harassment and a breach of the Data Protection Act 2018.

The ICO has published a new code of practice entitled the ‘Data Sharing Code’. The code came into force on October 5th 2021, after being published on September 14th 2021. DLA Piper provides a good overview of the new code of practice, a summary of which can be found below, however if you wish to read their article on the code, you can find it here.

Under UK GDPR, organisations that hold personal information/data about people have a responsibility to ensure that that data is being dealt with in line with the relevant legislation.

At Data Protection Education, we are currently working on contacting all school suppliers with the aim of receiving all of their privacy policies and data agreements to ensure they are being GDPR compliant.

The Children’s Code

The first update from the ICO is that the transition year for the introduction of The Children’s Code (also known as The Age Appropriate Design Code) has passed, with the code having come into effect on September 2nd.

The National Cyber Security Centre has today upgraded it's advice to schools relating to the prevalence of cybers attacks in the sector:

We've looked at the importance of an adequacy decision to allow the free-flow of data between the United Kingdom and Europe in our earlier articles on Brexit. Finally, although in reality quite quickly, we have a decision - with draft adequacy decisions from the European Commission.

Purely from a data protection perspective!

There are various provisions around data in the UK-EU Trade and Cooperation Agreement.

As we all know, on 31 December 2020, the Transition Period (sometimes also referred to as the “Implementation Period”) under the EU-UK Withdrawal Agreement will come to an end. And one of the areas still in the mix is data protection, so what is the status now and what changes?

We know the jargon can be confusing. As can the timelines for responding to the various requests that you receive.

Is it a month? Or 30 days? Are those working days?

So here's a little chart to simplify everything:

Some of you may have seen in the press the long-running legal dispute of Various Claimants vs Morrisons,  which after starting in the High Court in 2017 has finally seen a ruling issued by the Supreme Court.

Subscribe to our newsletter

Please enable the javascript to submit this form