With the recent Data Use and Access Act, organisations must now be more precise than ever about how they handle data rights concerns; the complaints process for data rights is clarified and formalised. This article discusses best practice around which complaints process to use when you receive a complaint.
Joe Tidy, BBC's Cyber correspondent has published a blog about cyber crime in schools following the ICO issuing a warning about the 'worrying trend' of students hacking their own school and college IT systems for fun or as part of dares. We explore the situation and what you should do when it happens.
Parents of a school in Birmingham are concerned that a school has accidentally shared a spreadsheet which contained student names for children in Year 7 to Year 11 and parental contact details.
We've updated and added some new policies, including the Data Protection Policy, Model Redaction Guidelines, Data Rights Complaints Process, Freedom of Information Policy, SAR Procedure Template, SAR Response Template, Subject Access Request Clarification Template. This article shows an amendments made to the documents.
The latest release of the "Keeping Children Safe in Education" guidance brings important updates for schools and colleges, including points relating to the rapidly evolving digital landscape. Most of the changes in this year's guidance are technical.
We've published a new e-learning module for 2025 data protection training.
The recent data breach involving Online SCR, an online provider of single central record (SCR) services, has put the personal data of education staff at risk. The breach was a result of a cyber attack on a subcontractor.
As schools begin to welcome back students, staff and new joiners, the focus is on the new academic year: curriculum planning, safeguarding and operational logistics. An equally critical and statutory area that demands attention is data protection and cyber security compliance. Adhering to data protection law isn't just about avoiding fines; it's about protecting sensitive personal data of children, their families and staff.
The Murky Panda (also known as Silk Typhoon) is a cyber threat that has had significant activity since 2023 and has targeted government, technology, academic, legal and professional services. Currently there are reports of the threats only in North America, however, as the Murky Panda has previously targeted compromises in the cloud, it is assumed that they will easily transition to attacks further afield. The threat group is a China-nexus group
The ICO Accountability Framework is a crucial tool for any organisation handling personal data, providing a structured approach to data protection compliance. When applied to the Department for Education (DfE) Digital Standards, it becomes a powerful mechanism for schools and trusts to ensure their technology and data practices are not only efficient but also legally compliant and secure.
The DfE has published the report for their consultation: Narrowing the Digital Divide in Schools and Colleges, with the conclusion that schools can and want to meet the standards by 2030.
The changes to the Academy Trust Handbook will be effective from 1st September 2025 and include some statutory digital standards recommendations.
A secondary school in Cornwall close for two days due to a 'cyber incident'.
This podcast episode delves into the often-overlooked but crucial topic of records management within the school environment. It breaks down the lifecycle of a record from creation to disposal, highlighting the legal framework schools operate within, including the Data Protection Act 2018, UK GDPR, and the Freedom of Information Act 2000. The episode also explores the consequences of non-compliance, the importance of a robust Records Management Policy, and the specific considerations for handl
Join us for our latest podcast episode breaking down the key changes introduced by the UK's new Data (Use and Access) Act (DUAA), explaining its phased rollout and objectives.
It clarifies that the Act amends, rather than replaces, existing data protection laws like the UK GDPR and Data Protection Act 2018. The discussion covers the shift from the ICO to the Information Commission, the introduction of 'Recognised Legitimate Interests' as a lawful basis for processing data, refined
The UK's data governance is undergoing change with the Data (Use and Access) Act (DUAA) receiving Royal Ascent and passing onto the statue books on 19th June 2025. Though it is becoming law, additional guidance is yet to emerge on the detail - some of the Act's provisions need a commencement order to take effect, with the next one expected on October 1, 2025. However, some parts of the Act will come into force imme
This podcast episode provides an overview of the Data Protection Education's 2024 training update, focusing on the legal framework and practical guidance for data protection in the workplace. The discussion covers key definitions like UK GDPR, Data Controller, Data Processor, Personal Data, and Data Protection Officer. It also highlights the importance of data protection in preventing breaches and fostering a strong
😎☀️ Did you know there is an increase in cyber attacks on a long weekend, half term and end of term, so a period of heightened cyber risk. This article gives some advice about what you need to have in place - it's particularly important that you are able to monitor your network during the long Summer break.
The GOV.UK Cyber Security Breaches Survey 2025 is out and reveals that 43% of UK businesses and 30% of charities experienced a cyber security breach or attack in the last 12 months. We review and highlight some key data protection points.