The Department for Education (DfE) updated its Data protection in schools guidance on 17 June 2026, this refresh aligns the guidance with the wider expected KCSIE 2026 guidance and reinforces existing obligations that schools should already be acting on.

This article sets out what has changed, what it means for your school in practice, and the actions your data protection lea

The Keeping Children Safe in Education (KCSIE) document obliges schools and colleges in England to “ensure appropriate filters and appropriate monitoring systems are in place and regularly review their effectiveness”. This responsibility is now a standard, no just a technical tick box, but a core leadership and safeguarding function.

In May 2026, Shottermill Junior School in Haslemere, Surrey became the latest UK primary school to fall victim to a ransomware attack. The LockBit 5.0 group officially listed the school as a victim on 9 June 2026, with threat intelligence monitors detecting the initial network infiltration as far back as 20 May 2026. This means the attackers had approximately three weeks of dwell time inside school systems before the attack became public

When a Multi-Academy Trust (MAT) accidentally leaks highly sensitive pupil data, it makes national headlines.

Earlier this year, we brought together schools and multi academy trusts from across the sector for a day focused on something that continues to challenge us all:  data protection in education.

The response was incredible.

On 4 June 2026, Powys County Council confirmed that a cyber security incident had resulted in the theft of personal data belonging to pupils, staff, and others connected to schools in mid-Wales. Thirteen schools were affected by the wider incident, with personal data specifically taken from at least one. The attack was first identified in April 2026 and, according to the council, was “quickly contained”, but not before

We present an article written by our Featured Guest Expert Ralph T O'Brien for our school and multi academy trust customers about the Data Use and Access Act where he breaks down what the latest legislative changes mean for the education sector.

📢 Thinking about your training for inset days in September? Then look no further and book onto our online training sessions.

ChatGPT, Gemini, Copilot and Data Protection

A Practical Guide for School Leaders and Data Protection Officers

This article combines guidance from the Guardians of Privacy series, produced by Data Protection Education in collaboration with Litus Digital, with urgent new advice issued in May 2026 following confirmed blackmail attempts against UK schools using AI-manipulated images of children. Key sources include the UK Safer Internet Centre (8 May 2026) and the Internet Watch Foundation.

Cyber attacks on schools are no longer a distant threat. The Department for Education (DfE) has just launched a dedicated Cyber Security Hub to help schools navigate this growing danger, and as a school leader, it's worth understanding exactly what it offers and why it matters.  If you were at our conference in February you were lucky enough to see a preview of the tool!

The Cyber Security Breaches Survey 2025/2026 was published on 30t April 2026 by DSIT and the Home Office.  We outline the current threat picture for schools.