Webinar Recap: UK GDPR in Education Update since the Data Usage and Access Act (DUAA) June 2025

Key points:

• Overview of Data Usage and Access Act (DUA) 2025 Changes: Donna and Jo led a detailed session for school staff on the key changes introduced by the Data Usage and Access Act (DUA) of June 2025, focusing on its impact on the education sector, including new requirements for handling children’s data, subject access requests, and complaints procedures.
• Subject Access Requests – New Provisions and Practical Guidance: Donna and Jo discussed the DUA’s new provisions for subject access requests, including the ‘stop the clock’ mechanism, the requirement for reasonable and proportionate searches, and the introduction of a refined request form to streamline the process for schools.
• Children’s Data and Online Services – Compliance and Risk Assessment: Jo and Donna outlined the DUA’s enhanced focus on children’s data in online services, stressing the need for schools to ensure compliance with age-appropriate design codes, conduct risk assessments for new digital platforms, and update asset registers accordingly.
• Artificial Intelligence (AI) in Schools – Data Protection and Acceptable Use: Jo provided an in-depth overview of the implications of AI in schools, including the risks of using generative AI with personal data, the need for clear acceptable use policies, and the importance of transparency and human oversight in AI-assisted processes.
• Electronic Complaints Form and Handling Data Protection Complaints: Donna introduced a new electronic complaints form for schools to manage data protection complaints, explaining the process, response timelines, and the rationale behind this change in light of ICO backlogs.
• Data Security, File Management, and Proactive Compliance: Jo and Donna discussed best practices for data security and file management, the importance of regular audits and asset register updates, and encouraged schools to adopt a proactive rather than reactive approach to data protection.