Schools are increasingly required to manage sensitive information in ways that balance transparency, fairness, and data protection. One area that frequently creates confusion is the difference between redaction undertaken for a Subject Access Request (SAR) and redaction applied when preparing documentation for a Permanent Exclusion (PEX) Review Panel. The Redaction Guide for PEX Panels has been introduced to address this issue and provide clear, practical guidance for staff.

From filing to shredding: Master the entire data lifecycle with our simple guides. We're excited to launch our FREE Records Management Toolkit:  3-Minute Data Sweep, Data Protection Records Management Handbook and our Records Management Reference Sheet.

We know the jargon can be confusing. As can the timelines for responding to the various requests that you receive. Whether it’s an email from a disgruntled parent or a letter from a solicitor, the clock starts ticking the moment it hits your inbox. But before you start pulling files, you must answer one critical question: What exactly are you looking at?

We've uploaded a Subject Access Request Extension Template to the SAR Best Practice Library.

We're already seeing the leavers' hoodies when we're visiting schools and our help desk has received tickets asking about year book administration, so here's some best practice about 'Leaver's Memorabilia'.

📸✅ It's World Book Day on the 5th March when most schools will be celebrating reading and capturing photos of staff and students in their costumes.   Given this is one of many significant photographic events in the calendar, we thought it was a good opportunity to remind everyone of photo and video best practice so there are no data protection slip ups.

Please ensure that you register DPE as your DPO with the Information Commissioner's Office.  Please note we have updated our registered address!

Sharing personal data with a third-party organisation?

Supplier due diligence is about the contracts between controllers and processors.  As a controller you determine the purpose and means of the processing (Article 4 (7)) and are responsible for ensuring processors  (i.e. suppliers and third-parties) have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk for any data processed. 

One of the simplest ways to reduce the risk of a data breach on your organisation's premises is to establish a Clear Desk and Screen Policy. Beyond just tidy classrooms and offices, this initiative protects sensitive student data and staff privacy.

The Keeping Children Safe in Education (KCSIE) 2025 document obliges schools and colleges in England to “ensure appropriate filters and appropriate monitoring systems are in place and regularly review their effectiveness”. This responsibility is now a standard, no just a technical tick box, but a core leadership and safeguarding function.

🛡️Are your School's Digital Gates Secure?  Governors are the gate keepers to cyber security. Today, as we celebrate School Governor's Day, it's the perfect time to ask the question that is critical right now: how do we protect our schools in a digital world?

📢📢 Come and register for our new Data Protection Education webinars for 2026!