Entries by Tanya Taylor
Dear Educators, Meet the UK’s Cyber Bill
Educators often hear the terms information management and information security tossed around like interchangeable buzzwords. Spoiler alert: they’re not the same. Information management is about how data is handled, stored, and shared responsibly; information security is about keeping that data safe from prying eyes and malicious actors. But here’s the kicker – you can’t have […]
Is It in Your Interest? Understanding Legitimate Interests in the Age of Data Reform
Following on from our post around lawful basis in September, let’s dive in with a deeper look at legitimate interests. You’re sitting at your desk, reviewing your school’s privacy notice, and there it is again: “We process personal data where necessary for our legitimate interests.” It’s a phrase you’ve seen in countless templates, DPIAs, […]
DPIAs: The Devil is in the Details
Let me start with a little story. Picture this: a well-meaning school rolls out a shiny new classroom app. It promises real-time behaviour tracking, AI-generated performance reports, and parental push notifications. Everything’s going swimmingly until a parent complains. Loudly. They’re uncomfortable with how much data the app’s collecting on their child. A few emails later, […]
Sentry System Updates 2025
It’s that time of year again; when we pull back the curtain and let you in on everything we’ve been working on to make your Sentry System stronger, smarter, and even more aligned with your GDPR compliance needs. This past year, our focus has been on refining the tools that matter most to you: improving […]
“Lawful Basis for Processing in Schools & Universities: Which One Should I Use?”
Let’s be honest: when most of you became educators, you dreamed of inspiring minds, not mastering the fine print of data protection law. But here you are, in a post-GDPR, post-DUAA world, where understanding the “lawful basis for processing” is as crucial as remembering to take the register. The good news? While the Data (Use […]
FOIs: A Quick Guide to Processing in Education
September marks the start of a new school year and with it, we often see an influx of FOI requests. It usually starts with an email. The subject line is polite, official (possibly even a little dry): “Request under the Freedom of Information Act 2000.” You open it, wondering if it’s a mistake. It’s not. […]
“RoPA’s: Why Every School Needs to Get Their Data House in Order”
When I first mention a RoPA to staff in schools or multi-academy trusts, I usually get one of three responses: A) a knowing sigh, B) a panicked blink, or C) a hopeful, “Is that the thing we can outsource?” The truth is, a Record of Processing Activities (RoPA) sounds more bureaucratic than it actually is. […]
Data Use Complaint: A Story from the School Office
It begins with a simple email. “Dear Office, I’m concerned about the data collected by the new homework app. Could you let me know what’s being stored about my daughter, and whether we can opt out?” At first glance, your school administrator treats it as a routine enquiry. A parent, understandably cautious. The message gets […]
“You’ve Got (Subject Access) Mail!” – Navigating SARs in Schools Without Losing Your Sanity
Imagine it’s a rainy Thursday afternoon. You’ve just finished playground duty and you’re halfway through a lukewarm coffee when the email pings into your inbox. It’s a Subject Access Request (SAR), and not just any SAR, it’s one of those SARs: someone wants “all the information you hold about them.” Cue internal screaming. But don’t […]