News

Sadly, we are letting you know about another cyber attack on a group of schools in Blackpool in the second week of term.

📢 We would like to announce that Data Protection Education are sponsoring the data protection discussion forum with the Association of Network Managers in Education.

A high school in south London was closed for the first part of this term due to a ransomware attack.  Students were sent home advising parents that the school would be closed for three days while all staff devices were 'cleansed'.

If  your organisation posts on social media channels, then please follow us for more content!

Another school has been hit by a cyber attack, this time in Canvey Island, Essex, who say the cyber attack happened during the summer holidays.

Schools are back in full swing, and so is our work at Data Protection Education! This week, we’ve been busy with data walks, on-site training, and booking meetings across various schools to ensure data protection standards are up to date and effective.

We've published a new e-learning module for 2024 data protection training.

The data protection officer is mentioned many times in the DfE Digital Standards for Schools and Colleges as someone that should either be informed or consulted with.  As part of that consultation process, we would like to announce our new DfE Digital Standards for Schools and Colleges Tracker.

We are launching a new best practice area which has all the policies, documents and posters in one place.  You can find this page in our main best practice area:

We've put all the specific school and trust related data protection guides, documents and queries into one area to make it easier for you.

We recognised that a number of our customers needed a generic retention schedule to help get them started with their records management.

We've updated our 'Making the Rounds', data walk, to include some central processes that should be included in data protection and cyber security compliance:

An update this week from the ESFA has reported a change in requirements regarding IT security for colleges and special post-16 institutions (SPIs).

The ICO have issued a reprimand to a school that did not follow due diligence when introducing facial recognition technology (FRT).

The recent news has been full of the global IT outage that affected many systems over the weekend, including airlines and patient access.  Although the incident was not caused by a cyber attack, it is important to note that it was a cyber incident which affects everyone.

A cyber incident is an event with threatens the confidentiality, integrity or availability of information systems, networks or the information they contain.

Review our previous article: What's a Cyber

Plans for the new government to introduce legislation for cyber security, digital and data were outlined in the King's speech on 17 July 2024.

We've updated our end of term and end of year guidance, alongside advice for privacy considerations for special occasions (which also normally occur at the end of term).

Ageing and out of date technology is an every day challenge for most schools and small businesses, but is there a risk?

We are asked a lot about retention schedules and keeping file when a pupil moves onto another school.  
This short video explains the basics behind data retention and the implications of keeping data for longer than required.



  Knowledge Bank
We have a retention schedule on our Knowledge Bank portal where you can check the retention period for all types of files in  your organisation.

Visit our Records Management Best Pract

This article is for all schools, colleges and multi academy trusts as a first step towards looking at the DfE Digital Standards for Schools and Colleges.


These standards should be used as guidelines to support your school or college use the right digital infrastructure and technology.

The SLT digital lead is usually someone with teaching experience. They will act as a link between: 

technical staff  the SLT  curriculum leads

This article discusses what a cyber incident is and what you should do if you experience one.  The important thing to note is that this isn't a full-blown cyber attack, but you should still go through various reporting and risk management processes.