Best Practice Update

    You are here:  
  1. Home
  2. Best Practice Update
  3. Navigating Privacy at the End of Term , Special Occasions and End of Year
Various end of term and cyber attack images, School's Out text, and Data Protection Education Logo
Best Practice Updates

Navigating Privacy at the End of Term , Special Occasions and End of Year

We've updated our end of term and end of year guidance, alongside advice for privacy considerations for special occasions (which also normally occur at the end of term).
There are several areas to consider around these times, including general routines for clearing up old data that won't be needed next year or might need to be moved to archive, to sharing information during special occasions:

Special Occasions

This might include the school nativity and sharing performance information

Nativity scene in glitter (child like) on a yellow back ground

Considerations around sharing and celebrating these special occasions on social media:
Laptop computer with the DPE Knowledge Bank Dashboard on the display

End of Term/Year Routines

At the end of every term/year there are routines around data to consider:

The end of term checklist covers aspects of data minimisation for the end of term, what should you get rid of? What should you keep? This and other checklists can be found in the Schools and Trusts Best Practice Area. Unlike some of our other checklists, it is possible to create one for the end of each term so you can keep a record of what procedures were carried out.

There is both an online version and downloadable version available to customers:
  document End of Term Checklist (46 KB) (printable document)

DPE customers can get started on completing the End of Term checklist here:
End of Term Checklist (online)

End of Year Memorabilia


We are often asked about how to use names in year books and hoodies etc.  Further advice can be found about that here:


Subject Access Requests

We see a surge in subject access requests at the end of every term.  What can we do if the SAR arrives on the last day of term? The 30 day time limit for a subject access request does not warrant an extension.  It is important that the school/trust discuss the situation with the data subject if they feel they will not meet the deadline.  On occasion, where the data is unavailable because the school is completely closed, it may be possible to agree with the requester that it will be dealt with by a certain deadline upon the schools return.  It is always worth remembering that they are not obliged to agree and all effort to respond as soon as possible should be made.  If you are a Data Protection Education customer then please contact us for support and help with this, email us at This email address is being protected from spambots. You need JavaScript enabled to view it. 

Further guidance about what to do when you receive a SAR can be found here:
Image of a hand holding a phone with a white keyboard and the word 'Access'


Cyber Attacks

We also see an increase in Cyber Attacks because threat actors know that systems might be unmonitored for a number of days/weeks.  Often staff return after a holiday period to find hackers have been accessing their server and/or systems for a while and have since encrypted and prevented access with a ransom demand.   Ensure that you have:
  • A Business Continuity plan and Cyber Response plan in place
  • There is a named contact that is available in case of an incident, and they understand how and who to contact for support.
  • That there is a backup plan in place with a practised recovery.
Further guidance about this can be found in the DfE Digital Standards Cyber Security document.

Ensure you have assigned an SLT Digital Lead in your organisation as this will help to achieve the standard and ensure you have the correct processes in place.

Review additional advice here:
children in front of a laptop, harry the hacker and DPE logo on the back of the laptop, infront of a computer screen with lots of computer text about cyber attacks and data breaches



Answer a sample end of term question:

Are devices such as laptops, iPads and mobile phones collected and arrangements made for the device to be wiped for the next member of staff?

Invalid Input

Amazing, you have ticked off an important item on the end of term checklist:
For further help and guidance and access to the full checklist, please contact This email address is being protected from spambots. You need JavaScript enabled to view it..



Wiping devices between staff/student members is crucial.  Contact your SLT digital lead, data protection lead or DPO so that this procedure can be reviewed inline with the DfE Digital Standards for Schools and Colleges:

Clipart cartoon with headphones on Please contact us for more help and advice about data protection compliance and cyber security standards: This email address is being protected from spambots. You need JavaScript enabled to view it. including the full checklist and best practice. 

 

Try asking the data protection lead in your organisation, or SLT digital lead or contact your DPO:

We can provide help and guidance with data protection compliance, cyber security standards and records management: This email address is being protected from spambots. You need JavaScript enabled to view it. including the full checklist and best practice.
©2024 Data Protection Education Ltd.

Search

  • News