The recent data breach involving Online SCR, an online provider of single central record (SCR) services, has put the personal data of education staff at risk.  The breach was a result of a cyber attack on a subcontractor.

As schools begin to welcome back students, staff and new joiners, the focus is on the new academic year: curriculum planning, safeguarding and operational logistics.  An equally critical and statutory area that demands attention is data protection and cyber security compliance.  Adhering to data protection law isn't just about avoiding fines; it's about protecting sensitive personal data of children, their families and staff.

The Murky Panda (also known as Silk Typhoon) is a cyber threat that has had significant activity since 2023 and has targeted government, technology, academic, legal and professional services. Currently there are reports of the threats only in North America, however, as the Murky Panda has previously targeted compromises in the cloud, it is assumed that they will easily transition to attacks further afield. The threat group is a China-nexus group

The ICO Accountability Framework is a crucial tool for any organisation handling personal data, providing a structured approach to data protection compliance. When applied to the Department for Education (DfE) Digital Standards, it becomes a powerful mechanism for schools and trusts to ensure their technology and data practices are not only efficient but also legally compliant and secure.

The DfE has published the report for their consultation: Narrowing the Digital Divide in Schools and Colleges, with the conclusion that schools can and want to meet the standards by 2030.

The changes to the Academy Trust Handbook will be effective from 1st September 2025 and include some statutory digital standards recommendations.

A secondary school in Cornwall close for two days due to a 'cyber incident'.

This podcast episode delves into the often-overlooked but crucial topic of records management within the school environment. It breaks down the lifecycle of a record from creation to disposal, highlighting the legal framework schools operate within, including the Data Protection Act 2018, UK GDPR, and the Freedom of Information Act 2000. The episode also explores the consequences of non-compliance, the importance of a robust Records Management Policy, and the specific considerations for handl

Join us for our latest podcast episode breaking down the key changes introduced by the UK's new Data (Use and Access) Act (DUAA), explaining its phased rollout and objectives.

It clarifies that the Act amends, rather than replaces, existing data protection laws like the UK GDPR and Data Protection Act 2018. The discussion covers the shift from the ICO to the Information Commission, the introduction of 'Recognised Legitimate Interests' as a lawful basis for processing data, refined

The UK's data governance is undergoing change with the Data (Use and Access) Act (DUAA) receiving Royal Ascent and passing onto the statue books on 19th June 2025. Though it is becoming law, additional guidance is yet to emerge on the detail - some of the Act's provisions need a commencement order to take effect, with the next one expected on October 1, 2025. However, some parts of the Act will come into force imme

This podcast episode provides an overview of the Data Protection Education's 2024 training update, focusing on the legal framework and practical guidance for data protection in the workplace. The discussion covers key definitions like UK GDPR, Data Controller, Data Processor, Personal Data, and Data Protection Officer. It also highlights the importance of data protection in preventing breaches and fostering a strong

😎☀️ Did you know there is an increase in cyber attacks on a long weekend, half term and end of term, so a period of heightened cyber risk.  This article gives some advice about what you need to have in place - it's particularly important that you are able to monitor your network during the long Summer break.

The GOV.UK Cyber Security Breaches Survey 2025 is out and reveals that 43% of UK businesses and 30% of charities experienced a cyber security breach or attack in the last 12 months.  We review and highlight some key data protection points.

📢 This week the news has reported cyber attacks on several major UK retailers: Marks and Spencer, the Co-op and Harrods, all of which have given everyone a stark reminder of the ever-present and evolving threat of cyber crime.

🔒 It's World Password Day - a reminder to check how secure your passwords are and where you store that information.  There's a lot of password help and advice out there which can be confusing.  We highlight the basic things you need to be thinking about.