📢 We would like to announce that Data Protection Education are sponsoring the data protection discussion forum with the Association of Network Managers in Education.

A high school in south London was closed for the first part of this term due to a ransomware attack.  Students were sent home advising parents that the school would be closed for three days while all staff devices were 'cleansed'.

Follow us on social media for the latest updates, exclusive content, and insights into data protection best practice, cyber security and online safety.

Another school has been hit by a cyber attack, this time in Canvey Island, Essex, who say the cyber attack happened during the summer holidays.

🛡️✅ Gone are the days when cyber security issues meant accidentally downloading a virus, it has grown to mean so much more, where data and identities are stolen, fraud is committed and businesses can be shut down from a cyber attack.  With that in mind we have created a cyber security best practice area to help guide and support your data protection compliance.

The data protection officer is mentioned many times in the DfE Digital Standards for Schools and Colleges as someone that should either be informed or consulted with.  As part of that consultation process, we would like to announce our new DfE Digital Standards for Schools and Colleges Tracker.

We are launching a new best practice area which has all the policies, documents and posters in one place.  You can find this page in our main best practice area:

We've put all the specific school and trust related data protection guides, documents and queries into one area to make it easier for you.

We recognised that a number of our customers needed a generic retention schedule to help get them started with their records management.

We've updated our 'Making the Rounds', data walk, to include some central processes that should be included in data protection and cyber security compliance:

An update this week from the ESFA has reported a change in requirements regarding IT security for colleges and special post-16 institutions (SPIs).

The ICO have issued a reprimand to a school that did not follow due diligence when introducing facial recognition technology (FRT).

The recent news has been full of the global IT outage that affected many systems over the weekend, including airlines and patient access.  Although the incident was not caused by a cyber attack, it is important to note that it was a cyber incident which affects everyone.

A cyber incident is an event with threatens the confidentiality, integrity or availability of information systems, networks or the information they contain.

Review our previous article: {article title=

Plans for the new government to introduce legislation for cyber security, digital and data were outlined in the King's speech on 17 July 2024.

We've updated our end of term and end of year guidance, alongside advice for privacy considerations for special occasions (which also normally occur at the end of term).

Ageing and out of date technology is an every day challenge for most schools and small businesses, but is there a risk?

We are asked a lot about retention schedules and keeping file when a pupil moves onto another school.  

This short video explains the basics behind data retention and the implications of keeping data for longer than required.



  Knowledge Bank
We have a retention schedule on our Knowledge Bank portal where you can check the retention period for all types of files in  your organisation.

Visit our Records Management Be

This article is for all schools, colleges and multi academy trusts as a first step towards looking at the DfE Digital Standards for Schools and Colleges.

This article discusses what a cyber incident is and what you should do if you experience one.  The important thing to note is that this isn't a full-blown cyber attack, but you should still go through various reporting and risk management processes.

We've been asked by some of our customers what they need to consider when thinking about using AI to improve job efficiency as a time saving exercise or part of CPD, so staff related.
This article puts together some available resources as an initial step.

Unfortunately, a school has declared a 'significant critical incident' after it was targeted in a cyber attack.

Regular cyber training for staff is crucial given the amount of systems involved in running organisations.  Schools and Trusts should be doing this annually as advised by the DfE Cyber Security Digital Standards.

The DfE have announced a new update to the DfE Digital Cyber Security Standards for Schools and Colleges.

The BBC have recently reported that due to the number of cyber attacks on schools that the ICO have seen an increase of 55% since 2022 of cyber incidents in the education and childcare sector.

The ICO has published a report today about 'learning from the mistakes of others'.  Given that cyber security is a crucial part of protection information and it is important to note that security breaches frequently lead to information breaches.

NHS Dumfries and Galloway has confirmed some children’s mental health data has been published by criminals following a cyber attack.    

The aftermath of cyber attacks on schools and multi academy trusts is rarely documented or shared, so it was refreshing to see this video made in conjunction with GovernorHub.

The Vale Federation is made up of two special schools, Booker Park and Stocklake Park who have worked with Data Protection Education for a number of years on compliance and data protection. They are based in Aylesbury and are committed to safeguarding and promoting the welfare of children and young people.

The DfE have recently published updates to their Data Protection toolkit.  Previously there had been very little guidance in the toolkit about how to respond to Subject Access Requests.  There is now a specific section on this and an extra update about responding to other data rights requests such as changing, deleting or restricting of personal information.

The DfE recently updated their guidance for practitioners providing safeguarding services for children, young people, parents and carers.  We have highlighted the changes below and what that might mean regarding data protection and data sharing.