Info Gov

The Information Commissioner’s Office (ICO) has issued new guidance aimed at helping schools, colleges and other education providers share personal information lawfully when safeguarding children and young people, emphasising that data protection law should be seen as a framework to support safeguarding, not a barrier to it.

The ICO said that its updated guidance for the education sector on sharing information to safeguard children and young people under 18 is designed to reassure organisations that UK GDPR and the Data Protection Act 2018 do not prevent the sharing of personal data where there are safeguarding concerns. The law, it said, remains unchanged and should be regarded as a structured framework to ensure that information is shared appropriately and securely. The guidance, published today, instead provides clarity and reassurance for education providers navigating the intersection of safeguarding duties and data protection obligations.

While the ICO said that education providers must identify the correct lawful basis before sharing information, it stressed that safeguarding concerns can provide a compelling justification under data protection law. The guidance includes sector-specific scenarios, such as sharing information about siblings at different schools or concerns raised by external agencies. These examples are intended to give practitioners confidence in applying the law to real-world safeguarding situations.

The guidance sits alongside the ICO’s existing 10-step guide to sharing information to safeguard children, which outlines broader data protection considerations for organisations working with children").

Also in this section

Jul 13, 2026

ICO refreshes law enforcement subject access guidance following DUAA 2025

The Information Commissioner's Office has updated its detailed guidance on the right of access under part 3 of the Data Protection Act 2018, incorporating the changes made by the Data (Use and Access) Act 2025 to how competent authorities handle subject access requests for law enforcement processing.
Jul 07, 2026

Section 166 application dismissed after ICO opens fresh investigations into school, council and diocese data sharing

The First-tier Tribunal (General Regulatory Chamber) has dismissed an application under section 166(2) of the Data Protection Act 2018 against the Information Commissioner, despite finding that the regulator's original response to a school employee's data sharing complaint was not an outcome to the Applicant's complaints, because a series of further investigations and outcome letters issued after…

InfoGov Masthead Newsletter 800