The Information Commissioner’s Office (ICO) has issued new guidance aimed at helping schools, colleges and other education providers share personal information lawfully when safeguarding children and young people, emphasising that data protection law should be seen as a framework to support safeguarding, not a barrier to it.
The ICO said that its updated guidance for the education sector on sharing information to safeguard children and young people under 18 is designed to reassure organisations that UK GDPR and the Data Protection Act 2018 do not prevent the sharing of personal data where there are safeguarding concerns. The law, it said, remains unchanged and should be regarded as a structured framework to ensure that information is shared appropriately and securely. The guidance, published today, instead provides clarity and reassurance for education providers navigating the intersection of safeguarding duties and data protection obligations.
While the ICO said that education providers must identify the correct lawful basis before sharing information, it stressed that safeguarding concerns can provide a compelling justification under data protection law. The guidance includes sector-specific scenarios, such as sharing information about siblings at different schools or concerns raised by external agencies. These examples are intended to give practitioners confidence in applying the law to real-world safeguarding situations.
The guidance sits alongside the ICO’s existing 10-step guide to sharing information to safeguard children, which outlines broader data protection considerations for organisations working with children").
