Following the popularity of our recent CCTV webinar, we've published some pointers for headteachers, governance professionals, head of operations and estates managers about CCTV compliance.

We discuss the legal obligations and common pitfalls of CCTV surveillance under the UK GDPR and Data Protection law.

To operate CCTV lawfully, organisations must move beyond just installing camera.

The DfE has announced a new update to the DfE Digital Cyber Security Standards for Schools and Colleges.

The DfE Wireless Networks is part of the DfE Digital Standards guidance and has recently been updated to include references to Wi-Fi7. You must check with this standard before you plan any Wi-Fi upgrades!

There is a now clear guidance that specifies that any new wireless solution or upgrade must, at a minimum, meet the Wi-Fi 8 standard.

Wi-Fi 7 provides significantly higher throughput and lower latency. In a classroom where 30 students might si

Just at the start of the Easter holidays, an IT system called C2K was the target of a cyber attack. The attack disrupted access to digital tools used by schools across Northern Ireland at a critical point ahead of the exam season. 

🔄☁️ Having a robust backup is being prepared against data loss and data theft.  March 31st is World Backup day to remind everyone of the importance of having a robust and accessible backup.

St Anne's Catholic School in Southampton has been forced to close four days after a cyber attack.

We're pleased to share our Acceptable Use Policy & Agreement for volunteers in response to our customer's requests.

This policy ensures the volunteers in your organisation use school technology responsibly and protect the personal data of pupils and staff. 

We typically see a spike in Subject Access Requests (SARs) at the end of term.  Understanding how to recognise and response to these requests is vital for staying compliant with Data Protection Law.

Did you know there is an increase in cyber attacks on a long weekend? Long weekends and holidays are 'peak season' for hackers who exploit reduced oversight.

A paper archive is a physical collection of documents, records and contracts stored in their original hard-copy form.  This article discusses best practice guidance for keeping records, safe, secure and accessible - an archive is much more than just a 'storage unit'.

Schools are increasingly required to manage sensitive information in ways that balance transparency, fairness, and data protection. One area that frequently creates confusion is the difference between redaction undertaken for a Subject Access Request (SAR) and redaction applied when preparing documentation for a Permanent Exclusion (PEX) Review Panel. The Redaction Guide for PEX Panels has been introduced to address this issue and provide clear, practical guidance for staff.

On March 11, threat actors breached Stryker's network via a unique cyber attack - while the data was removed and then devices wipes, the method of entry into Stryker's network is key to improving your own cyber resilience.

From filing to shredding: Master the entire data lifecycle with our simple guides. We're excited to launch our FREE Records Management Toolkit:  3-Minute Data Sweep, Data Protection Records Management Handbook and our Records Management Reference Sheet.

We know the jargon can be confusing. As can the timelines for responding to the various requests that you receive. Whether it’s an email from a disgruntled parent or a letter from a solicitor, the clock starts ticking the moment it hits your inbox. But before you start pulling files, you must answer one critical question: What exactly are you looking at?

We've uploaded a Subject Access Request Extension Template to the SAR Best Practice Library.

We're already seeing the leavers' hoodies when we're visiting schools and our help desk has received tickets asking about year book administration, so here's some best practice about 'Leaver's Memorabilia'.

📸✅ It's World Book Day on the 5th March when most schools will be celebrating reading and capturing photos of staff and students in their costumes.   Given this is one of many significant photographic events in the calendar, we thought it was a good opportunity to remind everyone of photo and video best practice so there are no data protection slip ups.

Please ensure that you register DPE as your DPO with the Information Commissioner's Office.  Please note we have updated our registered address!

Sharing personal data with a third-party organisation?

Supplier due diligence is about the contracts between controllers and processors.  As a controller you determine the purpose and means of the processing (Article 4 (7)) and are responsible for ensuring processors  (i.e. suppliers and third-parties) have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk for any data processed. 

One of the simplest ways to reduce the risk of a data breach on your organisation's premises is to establish a Clear Desk and Screen Policy. Beyond just tidy classrooms and offices, this initiative protects sensitive student data and staff privacy.

The Keeping Children Safe in Education (KCSIE) 2025 document obliges schools and colleges in England to “ensure appropriate filters and appropriate monitoring systems are in place and regularly review their effectiveness”. This responsibility is now a standard, no just a technical tick box, but a core leadership and safeguarding function.

🛡️Are your School's Digital Gates Secure?  Governors are the gate keepers to cyber security. Today, as we celebrate School Governor's Day, it's the perfect time to ask the question that is critical right now: how do we protect our schools in a digital world?

📢📢 Come and register for our new Data Protection Education webinars for 2026! 

The Data (Use and Access) Act is already law and It received Royal Assent on June 19, 2025. While it is legally an Act of Parliament, its various provisions are being "commenced" (brought into legal effect) in a phased approach that will continue throughout 2026.

Join us for our latest podcast episode breaking down the key changes introduced by the UK's new Data (Use and Access) Act (DUAA), explaining its phased rollout and objectives.  The DUAA becomes law on Thursday 5th February 2026.

A recent ICO reprimand for the Staines Health Group, shows the importance of how special category deserves specific protection. This article highlights the risks associated with 'data dumping' when organisations overshare sensitive information excessively - when the sharing of sensitive safeguarding becomes the safeguarding issue.

The SEROCU (South East Organised Crime Unit) has advised schools across Surrey and Sussex to be aware of a rise in M365 phishing emails.

In a world of hybrid work and virtual meetings, the ability to record and transcribe discussions has become an essential tool for productivity.  However, with this convenience comes a responsibility to protect privacy, maintain security and consider your lawful basis for recording/transcribing.  To provide clear guidance we are introducing our new Recording and Transcription Policy Template.

We've had a few questions recently about parents and students recording conversations with members of staff, both covertly or overtly without seeking permission. This article only covers recordings made by external individuals, not organisations or individuals acting on behalf of an organisation.

The DfE previously issued training and guidance about the use of AI in Education - this has now changed to standards.  Standards define minimum requirements that must be met, whereas a guideline offers recommended best practice or advice. The standards outline the safety standards that generative AI products and systems should meet to be used in educational settings.