News & views on all things GDPR

“Miss, what’s GDPR? Is it a new exam board?” That question might have raised a chuckle back in 2018, when GDPR first arrived with its bundle of acronyms, policy updates, and general sense of urgency. But here we are in 2025, seven years on and the UK GDPR is no longer the new kid on […]

In today’s hyperconnected world, it’s not uncommon for children to be more tech-savvy than the adults around them. But behind every cute dance video or viral meme lies a sophisticated system of data collection and recommendation algorithms, Many of which are now under scrutiny. Recently, the UK’s Information Commissioner’s Office (ICO) launched formal investigations into […]

Imagine you’re sat in the staffroom, half-eaten biscuit in one hand, half-finished student spreadsheet on the screen. You scroll down a list of names, notes, and numbers, some of which, to your horror, date back to the year David Cameron was still Prime Minister. You mutter to yourself, Why do we still have this data? […]

There’s something unmistakable in the air when an inspection is on the horizon. You can feel the hum of preparation in every corridor; policies being printed, classroom displays getting a refresh, and colleagues exchanging knowing glances over the photocopier. It’s all hands-on deck, and every detail matters. But as walls are re-pinned and cupboards reorganised, […]

You’ve probably heard it by now, EdTech is booming. From lesson-planning AI to real-time behaviour tracking, schools across the UK are embracing technology faster than ever. Whether it’s a new learning app or a full-blown Management Information System (MIS), the promise is the same: smarter classrooms, less admin, and happier teachers. But here’s the thing, […]

If you’ve ever opened your inbox and seen a message from a parent asking for “all the information you hold on my child,” your first thought was probably: “Subject Access Request!” But hold on — not every request for pupil information automatically falls under the UK GDPR. Sometimes, it’s actually a request under education regulations, […]

It’s that time of year again. The weather’s warming up (at least in theory), the final exam papers are piling up in the staffroom, and the Year 11s, full of nervous energy, optimism, and just a hint of mischief, are preparing to say their goodbyes. It’s the season of leavers’ assemblies, nostalgic slide shows, and […]

There’s a certain kind of email that arrives in a school inbox that immediately raises eyebrows. It starts with something like: “Exciting news! We’re trialling new biometric scanners in the canteen to speed up lunch queues!” It’s followed by promises of efficiency, reduced lunch line chaos, and fewer forgotten PINs. On the surface, it sounds […]

Picture this: You’re clearing out a dusty old cupboard in the staffroom and stumble across a stack of paper files labelled “Year 11 – 2009”. A mix of test scores, behavioural logs, and, oddly, a permission slip for a trip to Alton Towers. Your first thought? How did this survive the last clear-out? Your second? […]

Last week, a news article popped up. “UK to overhaul privacy rules”. Naturally, it piqued some interest. The UK debated revoking the GDPR before they finished implementing it. By the time the GDPR came into effect in 2018, several years had passed since the UK announced its intention to leave the EU. However, we have […]

For today’s post, we’re taking a quick dive into the murky depths of Subject Access Requests. Imagine this scenario. One of your students, staff members, or anyone you might have information about is standing at the front desk, and they’re asking for all of their data. What do you do? What happens next? For many […]

  In schools, responsibility surrounding children’s mental health and wellbeing is clearly documented. Legislation such as the 1989 Children’s Act, and guidance such as “Keeping Children Safe in Education,” set out responsibilities of staff and governors. Furthermore, it is made abundantly clear that data protection concerns should not prevent action from being taken to support […]

  When you purchase a product or use a service, at some point you will probably receive a feedback form. It’s almost an inevitability. It might be a form that arrives on email, or an irritating pop-up in an app. Recently, if you use a smart speaker you may get a notification which proceeds to […]

Last Month, The U.K. Commissioner for Public Appointments posted an advertisement for a new Information Commissioner. Current Commissioner Elizabeth Denham announced previously that she was leaving her post in October, having overseen the UK’s transition to new data protection laws.   Whoever is hired will be stepping into quite a sizable pair of shoes. Data protection complaints doubled in 2018/19, from around 21,000 to […]

WhatsApp have spent the last month putting out self-inflicted fires. After a disastrous announcement of changes to their terms of service, the company have been scrambling to convince users to stick with the app. However, even with delayed implementation of the new terms of services, and hundreds of reassurances, their PR nightmare has prompted many […]

Today is Data Protection Day. It’s not on the front page of the papers, but you might see a little notification on the bottom of the Google Homepage. In 2007, the Council of Europe designated January 28th Data Protection Day (or Data Privacy Day in other parts of the world), to highlight the importance of […]

It has been a year of chaos. The Oxford English Dictionary usually nominate one word as ‘Word of the Year’. This year, there has been so much change that they couldn’t narrow it down to just one. “Covid-19, Lockdown, Anti-Maskers, Unmute” Not to forget “Bushfire” when millions of acres of Australian bushland burnt at the […]

Last week’s post briefly touched on how technological advances are providing new data protection challenges. Earlier this month, the 2020 Consumer Electronics Show (CES) showed the world the new smart devices we can expect to see filtering through the markets soon. There were many companion robots on show. For instance, Bellabot (a robot cat waiter […]

The UK government has not had a fantastic start to the year. The New Year’s honours list, a list of individuals receiving awards on New Year’s Day, was mistakenly posted with personal contact details of over a thousand people. While the document was only available for around an hour, many notable—and often controversial—figures had their […]

A report published last week by career focused social network LinkedIn, identified the “Emerging Jobs” of 2020 in the UK. The report, which can be found here, looks at the roles that are experiencing significant growth. At number one is “Artificial Intelligence Specialist”, confirming that this field is expanding out of the academic realm and […]

When you talk about data protection all day, every day, it’s easy to assume that everyone else does the same. Some of the terms and names used when referring to the new GDPR are not as clearly defined as they could be. So, this week we are looking at the role of a ‘data processor’ […]

Wednesday 23rd October 2019 Following on from our latest update last week, ‘How Brexit will affect GDPR’, as always with Brexit, there is another twist in the tail. In the increasing febrile corridors of Westminster, the latest set of proposals for an orderly Brexit offer a crumb of comfort from the perspective of data protection […]

On Wednesday 17th January, the Data Protection Bill completed its journey through the House of Lords and headed back to the Commons. This means it’s heading toward the last stages before it becomes law. Over the last few weeks I’ve been asked several times what the difference is between the Bill and the GDPR, also […]

Among all the questions about the impact of the GDPR, it’s interesting to see another perspective on concerns about personal data. This comes from consumers in the USA, a country with some mixed attitudes toward privacy in general. From a survey conducted in September 2017, PWC have produced a report for their Consumer Intelligence Series […]