On July 18, 2022, the U.K. government introduced the Data Protection and Digital Information Bill to Parliament. Previously known as the Data Reform Bill, it is the result of a consultation from 2021 and its aim is to update and simplify the U.K.’s data protection framework. According to the U.K. government, the new legal framework created by the DPDI Bill will reduce burdens on organizations while maintaining high data protection standards.
This articles lists the latest updates and new documents to the Knowledge Bank.
Malware is malicious software designed to harm computer systems and is linked to data protection in several ways.
Malware can be used to steal or compromise sensitive data stored on a computer system or network. This data could include personal information, financial data, or confidential business information. In this sense, malware poses a significant threat to data protection, as it can lead to data breaches and other security incidents.
Malware can
The headteacher of a grammar school has left her role after sending parents a list of the teachers going on strike.
The Headteacher at King Edward VI Five Ways Grammar school in Birmingham had been headmistress for just 18 months when an email she sent to parents is alleged to have named some teachers who would be striking during the planned walkouts last month.
This article is a reminder that Microsoft will stop support for both Windows Server 2012 and Windows Server 2012 R2 after October 10th 2023. Keeping software up to date on devices is best practice to help prevent cyber attacks and data breaches.
This article lists the ways that Data Protection Education can be contacted for general data protection queries, data breaches, subject access requests and freedom of information requests.
While all our customers have a dedicated consultant who can be contact directly, if there is an urgent issue we would always advise emailing This email address is being protected from spambots. You need JavaScript enabled to view it..
When you email This email address is being protected from
The first child protection complain ever made against Big Tech under UK Law.
The following article talks about how a school thwarted a cyber attack, more through luck than judgement. Our advice is for the whole organisation to be cyber aware and review how your organisation might respond when attacked. The article gives ideas on how to begin making a cyber ready plan.
In October 2020 Kellett School was subject to a ransomware denial-of-service (DoS) attack orchestrated by a Russian criminal hacker group. After the attack, a post m
This article is linked to a series of articles about different types of Cyber Attacks. They can be viewed in the Information/Cyber Security News section of the Data Protection Education website or as part of the Information & Cyber Security Best Practice Area. Each article discusses a different type of cyber attack, steps to try to minimise the risk and guidance
With the increase in Cyber crime against schools in the UK we are focusing in on what can be done to help prevent cyber crime in a way mangeable for school budgets.
Given the current financial pressure on schools it is very likely there are devices in schools running out of date software. This article looks at the most recent version of Windows that support has ended for, what that means and why upgrades are a must.
To assign courses to your staff, we should use the to-do functionality via the Course Assignment and Progress Report.
When we assign a to-do via this report, and the user completes the course, the to-do will be automatically marked as complete in the to-do list.
The Record of Processing can often seem like a daunting process to undertake- but it’s important to view it as exactly that- a process. Documenting the processes your organisation carries out is an ongoing project that you continue to evolve and develop as those processes change. The value you can get out of spending some time and care by completing various ones shouldn’t be underestimated. We’ve spoken to some of the people who have used the RoP tool on the Knowledge Bank, and asked th
VPN’s have become commonplace over the past couple of years, with every content creator out there having at some point been sponsored by Nord VPN (other VPN providers are available). VPN's are mostly used so that we can watch content on streaming platforms that would otherwise be blocked in the UK. However, as well as allowing you to watch Pulp Fiction on Canadian Netflix, VPN’s have excellent security benefits that can help prevent data breaches and cyber attacks.
Under UK GDPR, Public Authorities or Bodies, as well as businesses carrying out certain processes are required to appoint a Data Protection Officer (DPO). This article will explain why you need a DPO and what a DPO does for your organisation.
Recently there has been an annual study published by Ponemon Institute (sponsored by Experian) entitled “Is Your Company Ready for a Big Data Breach?”. The study looks at the state of breach preparedness across organisations over a period of a year,
Retention of Child Protection Information is for 25 years from the DOB of the Pupil
The Education (Pupil Information)(England) Regulations 2005 (SI 2005/1437 states that pupil records should be retained for 25 years from the date of birth of the pupil.
At Data Protection Education, we are carrying out an ongoing project on assessing potential organisations that our schools are either currently contracted with to supply a product or service, or may in the future be in contract with.
Email is the classic data protection issue - it's not about the system where we store things, it's about the process and how that data is used. So ask yourself, what is the content of the email and what does it relate to?
For most organisations, a lot of thought and care goes into ensuring that when you’re collecting data, you are complying with the relevant data protection legislation- that it’s being collected with consent where required, that you have a lawful basis etc. However,
A recent study conducted by Check Point Research which can be found at the bottom of this article has found that there has been a 29% increase in cyberattacks on organisations in the education sector since 2020, the highest increase of any sector.
Cyber attacks are on the up, and with the education sector seeing the highest number of cyber attacks of any sector since the start of the pandemic, as well as the highest increase in attacks in that same period
With biometric technology becoming more and more prevalent in society, the governance of the personal data that organisations collect from using this technology has recently been a topic of discussion.
How to share this year’s Nativity play online safety
Schools will have good intentions in wanting to share this year’s Nativity play online. But how do you ensure you do this safely and adhere to the latest data protection regulations? Below is some guidance which will support you in this task.
The Children’s Code
The first update from the ICO is that the transition year for the introduction of The Children’s Code (also known as The Age Appropriate Design Code) has passed, with the code having come into effect on September 2nd.
Schools in Brighton and Hove have received the following Freedom of Information request:
1. Please send me copies/scans/digital files that record individual racist/religious incidents/bullying incidents in terms of numbers of incidents and their
The National Cyber Security Centre has today upgraded it's advice to schools relating to the prevalence of cybers attacks in the sector:
These protocols aim to ensure that online lessons with pupils when working from home, are safe, secure and continue to provide high-quality education using a virtual platform.
This is guidance for setting up and managing online lessons using the school’s chosen platform ie Zoom; Google or Microsoft teams.
Users of Class Dojo will recently have noticed that a requirement to provide consent for international data transfers was included to the login screen.
It is a requirement under the Freedom of Information Act and ICO to set out your commitment to making certain classes of information routinely available, such as policies and procedures, minutes of meetings, annual reports and financial information.