Best Practice Update

    You are here:  
  1. Home
  2. Best Practice Update
A blue graphic with three children peering over a dark blue banner. The banner has white text that reads "Back to School Basics: Data Protection & Cyber Security." To the left of the text is a stack of school books with a red apple on top. To the right is a laptop displaying a logo with the text "Data Protection Education."
Tammy Buchanan
Best Practice Updates

Back to School Basics for Data Protection and Cyber Security Compliance

As schools begin to welcome back students, staff and new joiners, the focus is on the new academic year: curriculum planning, safeguarding and operational logistics.  An equally critical and statutory area that demands attention is data protection and cyber security compliance.  Adhering to data protection law isn't just about avoiding fines; it's about protecting sensitive personal data of children, their families and staff.

Read more …

A detailed flowchart titled "Accountability Framework" showing how the ICO (Information Commissioner's Office) framework and DfE (Department for Education) Digital Standard Trackers align. The central hub is "Accountability Framework" with ten radiating branches, each representing a key area: Leadership & Oversight, Risk Management, Policies & Procedures, Individual Rights, Response & Enforcement, Monitoring Verification & Reporting, Transparency, Records Management & Security, Contracts & Data Sharing, and Training & Awareness. Each branch connects to a box labeled "DfE Digital Standard Trackers," with several icons and checklist boxes underneath. The bottom of the image lists various tools and resources, including "Best Practice Library," "Retention Schedule," "Phishing simulations," "Risk Register," and "Accountability Tracker," which are all linked to the main framework. The overall image illustrates a comprehensive system for achieving and tracking data protection compliance in an educational setting.
Tammy Buchanan
Best Practice Updates

Building a Secure School: Using the ICO Accountability Framework to Meet DfE Digital Standards

The ICO Accountability Framework is a crucial tool for any organisation handling personal data, providing a structured approach to data protection compliance. When applied to the Department for Education (DfE) Digital Standards, it becomes a powerful mechanism for schools and trusts to ensure their technology and data practices are not only efficient but also legally compliant and secure.

Read more …

photo of a hand holding a phone with whatsapp on the screen. Beige background and black text: What's up with WhatsApp? Emma Martins, Chief Commissioner of the Data & Marketing Commission and Data Protection Education have teamed together to give you a comprehensive overview of the risks, recent cases and guidelines about using WhatsApp.
Tammy Buchanan
Best Practice Updates

Preschool Employment tribunal for the use of WhatsApp

📳What's Up with WhatsApp? WhatsApp is a regular theme in relation to SARs, FOI's, data breaches and general use as tickets into our Knowledge Bank platform.  Emma Martins, Chief Commissioner of the Data and Marketing Commission has worked with us to produce some guidance following the recent employment tribunal that was published in relation to a preschool.

Read more …

  1. Not everyone needs access: The Key to Protecting Sensitive Data
  2. West Lothian Schools in Cyber Attack
  3. National Honesty Day: Transparency
  4. FOI Request - BBC News
  5. Social Media and Marketing Guidelines and Training
  6. New Governor Resources
  7. Does stress lead to more data breaches?
  8. Are teachers using AI? 83% say its a time-saver
  9. DfE Digital Standards - narrowing the digital divide
  10. Arbor AI - On By Default
  11. DfE Guidance: Choosing a new MIS
  12. HCRG Care Group data breach
  13. The Importance of AI literacy and training staff
  14. Short Guide to AI Video
  15. Safer Internet Day, Cyber Security & Data Protection
  16. The Cyber Resilience Championship
  17. The Multiple Dimensions of Supplier Due Diligence
  18. School shares sensitive pupil information as part of an FOI response
  19. AI (Artificial Intelligence) Best Practice Area & Policy
  20. Blacon High School Cyber Attack
  21. WhatsApp and FOI's: ICO Warnings
  22. New AI Guidance from the DfE
  23. What the proposed Government legislative proposal around cyber crime means
  24. ICO report on AI tools in recruitment
  25. DfE update to record keeping and management
  26. Update to data sharing for school immunisation programmes
  27. Early Years Settings and Cyber Security
  28. SLT Digital Lead Profile
  29. The role of governors in cyber security and data protection
  30. Navigating Privacy at the End of Term , Special Occasions and End of Year
  31. Contracts Register
  32. DfE Digital Standards Autumn Update
  33. The importance of knowing how to access your CCTV footage!
  34. Cyber Attack on a Special School
  35. Stealing children's data
  36. What is dark data? (and why does it matter?)
  37. Ofqual highlights the value of cyber security training in schools
  38. Searching for data when you receive a Subject Access Request
  39. Fylde Coast Academy Trust Cyber Attack This Week
  40. Calling all IT leads in schools and mult academy trusts!
  41. Ransomware cyber attack on a school in Bromley
  42. Join Our Social Media Family!
  43. School hit by Cyber Attack
  44. Cyber Security Best Practice Area
  45. DfE Digital Standards for Schools and Colleges Tracker
  46. New Policies, Documents, Letters and Posters page
  47. Schools and Trusts Best Practice Area
  48. The DPE Retention Schedule
  49. Making the Rounds Update (now includes reporting)
  50. ESFA Cyber Essentials Requirement for Colleges from 2024/2025
  51. ICO Reprimands a School
  52. Out of date technology
  53. Data Retention and the Pupil File
  54. Have you assigned your SLT Digital Lead yet?
  55. Getting Started with AI (Artificial Intelligence)
  56. Cyber attack on a school during half term
  57. The rise of cyber attacks in schools are causing pupils to miss classes
  58. ICO: Learning from the mistakes of others report
  59. Cyber attack on a Trust; the aftermath
  60. School Focus: The Vale Federation | Aylesbury
  61. DfE Dealing with Subject Access Requests (SARs) Guidance
  62. Update to the Guidance on Information Sharing from the DfE
  63. FOI Requests generated by Artificial Intelligence
  64. Social Media Best Practice Area
  65. Lettings Best Practice Area
  66. MFA Bombing - What is it?
  67. Protecting your Social Media Accounts
  68. Checklists - Are They Your Most Powerful Compliance Tool?
  69. Product Focus on Checklists : Initial Trust Plan
  70. Product Focus on Checklists : End of Term Checklist
  71. Product Focus on Checklists : Information and Cyber Security
  72. Product Focus on Checklists : Social Media
  73. Product Focus on Checklists : Lettings
  74. Product Focus on Checklists : Record of Processing
  75. Milk Island: The secret location that allows children to view restricted content on Google Maps
  76. Why Data Should Stay Put: Benefits of Keeping Data in Its Original System
  77. Product Focus on Checklists : Data Retention and Destruction
  78. Product Focus on Checklists : Data Migration
  79. Product Focus on Checklists : Biometrics
  80. Product Focus on Checklists : Supplier Due Diligence
  81. Free Cyber help, advice and training with the Cyber Resilience Centres
  82. The Perils of Paper: The Printing Vulnerability
  83. Product Focus on Checklists : FOI
  84. Product Focus on Checklists : Governors and Data
  85. Product Focus on Checklists : DPIA
  86. Product Focus on Checklists : Site Moves
  87. Product Focus on Checklists : Data Breaches
  88. Product Focus on Checklists : Subject Access Requests
  89. Product Focus on Checklists : Bring your own device
  90. Product Focus on Checklists : Working out of school/offsite
  91. Cyber Attack on a School
  92. Product Focus on Checklists : Redaction
  93. Why Due Diligence is Important: Fake apps
  94. Product Focus on Checklists : CCTV
  95. Product Focus on Checklists : Clear desk
  96. Product Focus on Checklists : Commitment to compliance
  97. Product Focus on Checklists : Photos and video
  98. Product Focus on Checklists : Passwords
  99. Product Focus on Checklists : Information Classification
  100. Free cyber training for staff
  101. DfE Digital Standards Update
  102. The Mother of all Breaches
  103. International Data Transfers (part 1): Navigating Cross-Border Data Transfers: Understanding EU SCCs, UK Addendum, and UK IDTA
  104. ClassCharts Possible Data Breach
  105. Where is your data stored?
  106. IAPP looks at AI privacy risks
  107. If you suspect a financial scam .....
  108. School Focus: St Bernadette's Catholic Primary School | Brighton
  109. Guardians of Privacy: 16. Social Media Checklist
  110. Guardians of Privacy: 15. Navigating Social Media in Educational Settings Summary
  111. Guardians of Privacy: 14. Social Media and Cyber Bullying
  112. Guardians of Privacy: 13. Social Media, Copyright and Intellectual Property
  113. Guardians of Privacy: 12. Social Media and Going Viral
  114. Guardians of Privacy: 11. Staff Social Media Accounts
  115. Guardians of Privacy: 10. Social Media and Cookies
  116. Guardians of Privacy: 9. Social Media and Morality
  117. New Resources for Schools from the ICO
  118. Guardians of Privacy: 8. Social Media Policies
  119. Guardians of Privacy: 7. Social Media Data Retention
  120. Guardians of Privacy: 6. Posting Safely
  121. Guardians of Privacy: 5. Social Media and Consent
  122. Guardians of Privacy: 4. Social Media Access Control
  123. Guardians of Privacy: 3. Social Media Channels
  124. Guardians of Privacy: 2. Law and Regulations
  125. The ICO reprimands a Multi Academy Trust
  126. Guidance for the use of school email and applying email retention in schools
  127. Data Protection Tips for Early Years Settings
  128. Children's Privacy around the world is a puzzle
  129. Trust Initial Plan Checklist Update
  130. Records Management Best Practice Update
  131. What do I need to redact?
  132. Trust Initial Plan for Data Protection Compliance (for Multi Academy Trusts)
  133. Google for Education Resources: Helping IT Admins meet DfE digital and technology standards
  134. Lettings Best Practice and Guidance
  135. Considerations when migrating to a new MIS
  136. Public bodies and sensitive data
  137. Get a DPE Badge for your website!
  138. ICO: 10 Step guide to sharing information to safeguard children
  139. Help after a Cyber Attack/Incident
  140. Data Protection and Cyber Security (Inset Day) Training Ideas
  141. How KCSIE is linked to Cyber Strategy
  142. Handling Freedom of Information Requests the right way
  143. Where's Harry the Hacker?
  144. The ICO Reprimands a school
  145. Redaction Guidelines Updated
  146. Using WhatsApp in Schools
  147. How to contact us for support, subject access requests, data breaches and FOI's
  148. FOI: Reinforced Autoclaved Aerated Concrete
  149. FOI: Henry Jackson Society
  150. FOI: Vaccination Justifications
  151. How the Record of Processing Can Help You
  152. What does a Data Protection Officer Do?
  153. Carrying out Supplier Due Diligence
  154. How Long Should You Keep Personal Data For?
  155. B&H FoI: Racist/religious incidents/bullying
  156. Protocol for Setting Up and Delivery of Online Teaching and Learning
  157. Class Dojo International Data Sharing
  158. Model Publication Scheme: Amendments, Improvements and Updates
  159. Transparency
  160. Research projects and GDPR
  161. Secure file transfer of files using Royal Mail
  162. Emergency contacts and consent
  163. Key elements of a successful DPIA
  164. FOI Publication Schemes
  165. Best Practice for Managing Photos and Video
  166. New Drip Feeds: Recognise and Respond to Subject Access Request
  167. When to contact the Data Protection Officer?
  168. National child measurement programme
  169. Headteacher fined for breach of data protection legislation
  170. Acceptable Use Policy

©2026 Data Protection Education Ltd.

Search