Sensitive data from more than a dozen UK schools has been stolen in a ransomware attack, the BBC has reported. The compromised information includes children’s special education needs, passport scans, staff pay scales and contract details. Initial reports indicated that no...
The education sector is among the most vulnerable to data breaches across the globe, accounting for 172 publicly disclosed security incidents last year. Only the public sector was worse affected, according to data from our sister company IT Governance, which reviewed...
Every exam season, schools receive questions and complaints about the way they handle students’ personal data. What information are they allowed to share? What rules must they be aware of when processing or publishing exam results? The introduction of the GDPR...
The education sector is often cited as one of the most vulnerable to ransomware, but a new report has revealed just how damaging the threat is. Jisc’s Cyber Impact Report 2022 found that UK educational institutions spend £2 million on average...
The education sector was responsible for at least 172 data breaches in 2021, making it the second most vulnerable to security incidents. Only the public sector (263) suffered more publicly disclosed data breaches last year, according to data from our sister...
Schools share personal data with suppliers all the time, but because of the rules imposed by the GDPR (General Data Protection Regulation), they need to be careful about the way they use that information. The GDPR extends the scope of responsibility...
If your school is a maintained school or academy, then it is classed as a public authority and, under the GDPR, must appoint a DPO. This person is responsible for monitoring the application of the Regulation and advising and guiding the...
The data protection policy is the foundation of a school’s compliance with the UK GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018, and from which other policies, procedures and processes are based. It is an internal document that...
The GDPR (General Data Protection Regulation) outlines six lawful bases for processing personal data. In this blog, we look at one that’s causing a lot of problems for schools – processing that’s “necessary for the performance of a task carried out...