David T. Blonder, Data Protection Officer, BlackBerry

With the education sector battling funding cuts, the Department for Education has recommended addressing the shortfall by being as cost-effective as possible.

Whether it’s changing stationery suppliers, finding cheaper utility providers, or simply reducing headcount – Principals and CEOs are having to ensure that they’re not only providing the best education for students, but that they're smarter with budgets too.

The General Data Protection Regulation (GDPR), which came into effect on 25 May this year, is only adding to the pressure. There has been a lot of hype and discussion surrounding the regulation, but most of it relates to the potentially eye-watering fines, of up to £17 million, that huge corporates could face should they fall foul of the regulations.

While less has been said about the education sector, we cannot downplay the fact that institutions under pressure to cut costs can’t afford fines associated with the GDPR.

Taking steps to ensure compliance and safeguard the data of young people is also a necessity, as the sector holds some of the most sensitive Personally Identifiable Information (PII) on students.

Act now to mitigate risk

It’s expected that most GDPR fines will come as a result of poor data protection and breaches of confidentiality, and therefore administrators should be provided with training to understand what data they hold, how it is owned or used and where it is stored.

Knowing this will help to identify the gaps that exist and understand what robust controls should be in place to manage the data. Implementing this process will allow the organisation to document every data decision in the style of an audit trail, which will become essential should they be asked to prove compliance.

This best practice is one that all companies should carry out at regular intervals to ensure that gaps in compliance have not opened up as systems evolve.

However, managing data protection in the education sector is very different to the corporate world, as schools have a natural cycle of PII that will become redundant as learners graduate or move on.

A process should be implemented to ensure that data which is no longer required is removed, while still taking other industry regulations and acts into account.

For example, the Children & Social Work Act 2017 requires all students who received care to receive support from a Personal Adviser (PA) until they reach the age of 21, and so there is reason for that data to be held for a longer period.

Education establishments should also be vigilant about shadow IT: unapproved resources, such as interactive classroom apps, being downloaded to the network could present risks.

Teachers are naturally focused on providing the best education they can to their students and may feel justified in sourcing material from as wide a range of sources as possible, regardless of technology policies.

They may not recognise the risk some of these workarounds can create for data privacy, but regular training and information on the need for compliance will help to control how data is being created and used, and therefore, make compliance easier.

Advice from an ethical hacker

If processes have been put in place to address GDPR, but administrators remain unsure whether they are GDPR compliant, an ethical hacker could be strategically used to expose potential flaws in data protection.

There is no one-size-fits-all approach. Each educational organisation is different and will require a compliance practice to fit its particular tools and processes. This is where an ethical hacker can make all the difference.

Their goal is to ensure the institution’s data is secure and to defend systems by mimicking the efforts of real-world hackers. They can detect and document potential GDPR risks and offer actionable advice on how the organisation can overcome the issues.

The ethical hacker can also take the lead in providing training for teachers. Using the same tactics and tools as malicious hackers, they can attempt to con employees over email and scan the network for vulnerabilities and for information staff have downloaded, in order to alert them to the data protection violations they could be facing.

While this technique may seem invasive, it often highlights vulnerabilities that a check-box approach simply can’t. The more hands-on nature of the exercise also helps teachers and administrators gain a better understanding of the risks involved when storing and sharing data, as well as making them accountable for GDPR weaknesses.

Understanding educational data

For GDPR compliance to be successful, processes need to align with how an organisation already operates rather than making fundamental wholesale changes – such an upheaval would create unmanageable workloads and result in the regulation not being adopted.

Compliance should focus on what the provider is already doing, identify gaps and implement updates to procedures to match the requirements of the GDPR. Institutions should also note that some data within education does not fall under GDPR, as it is mandatory for the establishment to function.

For example, consent would not need to be obtained to process data that needs to be provided to the Department for Education as part of the census, as this is a legal obligation.

However, consent would need to be obtained when collecting parents’ email addresses if the institution wants to send emails to them, as there is no specifically articulated lawful basis to process this data without obtaining consent.

Having clear processes and training in place to ensure data is protected adequately without hampering legal obligations is critical to successful compliance.

With GDPR in force and headlines reporting on how many organisations have not yet fully prepared, now is the time for colleges and training providers to take action on being compliant, and to sustain ongoing data protection best practice.

Working with an ethical hacker and providing compliance training to teachers is one such option to help prepare and offset a potential breach.

If a breach incident does occur that results in an unlawful disclosure of PII, the ICO is likely to favour an institution that has demonstrated its efforts to take its responsibilities under GDPR seriously and done all that’s expected to protect the personal data of its students.

Copyright © 2018 FE News

*This article is for informational purposes and does not constitute legal advice.
