In this sixth blog in the series we look at User Privileges, following the guidance from the UK National Cyber Security Centre (NCSC). We explore how schools can reduce the likelihood and impact of a cyber attack through effective use of user ...

To comply with section 6.9 - 6.12 of the Academies Financial Handbook, Multi-Academy Trusts (MATs) must be aware of the risk of fraud, theft and irregularity. Cyber security is specifically referenced by the Education & Skills Funding Agency (ESFA) ...

Cyber Security Guidance from the Charity Commission

In this fifth blog in the series, we look at Incident management, following the guidance from the UK National Cyber Security Centre (NCSC). We explore how schools can ensure that with well structured, clearly written incident plans and procedures, ...

In May 2018, the Information Commissioner's Office (the UK data protection supervisory authority) published guidance on the completion of data protection impact assessments (DPIAs). The guidance is nothing new; it summarises the European Data ...

The GDPR makes it a requirement for all public authorities (state funded schools) to have a designated Data Protection Officer (DPO). All other types of school must document and undertake an internal analysis to determine whether a DPO needs ...

After months of waiting, the GDPR is recognised into law across the EU. Within the UK this was through the Data Protection Act 2018 and in countries across the EU, through similar legislation. In countries outside the EU, the obligations of the GDPR ...

The Information Commissioner's Office (the UK data protection supervisory authority) last week published its Regulatory Action Policy. The policy has been created to provide direction and focus for those they regulate, specifically the action that ...