BLS Stay Compliant

News and Information

School desks with black chairs

New guidance for data protection in schools

Updates issued by the Department for Education.

The UK Government’s Department for Education is responsible for children’s services, education and skills training from early years through to adults in higher education institutions and this includes supporting organisations to protect and support children. Within this, falls the remit of data protection; at the heart of many regulations set to safeguard and protect. 

The update to the Government policy on data protection in schools, released on 3rd February 2023, provides additional advice on what data protection means in schools, the responsibilities of each individual involved in information governance and the role of a Data Protection Officer (DPO). 

Information is also given on policies and procedures, including cyber security and privacy notices, as well as on managing a data breach if or when one occurs. This guidance gives suggestions on what to do when discovering a data breach, who to report it to and how best to minimise the impact of such a breach when considering the safeguarding of children.  

Case study examples have been included on how to maximise data protection practices to ensure compliance with legislation and peace of mind, with one Multi-Academy Trust explaining how recruiting an Information Governance Manager helped manage the data protection requirements and responsibilities across 36 locations.  

The updated guidance also issues instructions on how to deal with a request for personal data and data retention guidelines, all of which are essential elements to successful compliance with data protection legislation and, above all, ensuring the data you keep is secure.  

BLS Stay Compliant has considerable experience in the education sector, helping a range of organisations from early years settings, to multi-academy trusts and higher education institutions ensure their practices are compliant with legislation and offering peace of mind to those in charge or data protection. To hear more about how we can help, please get in touch.  

How can we help?


If staff are appropriately trained, any organisation is well on the way to compliance with data protection legislation. Training needs will vary according to size and type of care organisation and BLS can conduct a training needs analysis on your behalf if required.

Our open courses are available to any member of any organisation and run online throughout the year and may be the answer to your data protection gap. 

Alternatively, we can hold a bespoke course to fit you and ensure that all members of staff who have connection to the data you use, store and manage are appropriately trained at a time and place convenient to you.

See the links below to find out more on our training offerings, or to book an open course online.

Data Breach Management

No organisation is immune to a data breach and the consequences – and subsequent workload – can be extensive. BLS Stay Compliant are well versed in handling data breach incidents and can also help ensure measures are put in place to prevent future breaches.

If your organisation has suffered a data breach it is absolutely vital that you do not delay management.

Find out more about our data breach management service.

Subject Access Request Management

Dealing with subject access requests can be a time-consuming and labour intensive task and is also time sensitive under data protection legislation. 

BLS Stay Compliant can guide your organisation in responding to a SAR and can aid in setting up adequate practices should you receive one, including how to recognise a valid SAR. 

More information on our subject access request offering. 


The Information Commissioner’s Office (ICO) has the power to – and regularly does – audit any organisation to test data protection compliance. Our experts can conduct a thorough audit of your GDPR compliance and physical security, providing recommendations where necessary.

Find out more about our expert audit options.

Policy writing and reviews

Many organisations are not aware of what policies are required to ensure they are compliant with data protection legislation, or if they are in place, when they were last updated. 

Our policy writing and review service offers peace of mind that your policies are not only up to date, but you have a full suite in place for your requirements.

Find out more about policy writing and reviews. 

Managed Service

Our expertise, on call, whenever you need it.

Our popular managed service offering is a 360 degree approach to your data protection – covering all of the above and more within a package that suits your budget and other resources. 

We can act as your data protection officer, or other data protection related roles as required, or can simply act in the guidance position for any level of staff. 

Find out more about our managed service.

If we can offer any assistance with any of information, or other services as required, do get in touch via the form below.

Share this post