Sharing information to safeguard children and young people in the education sector in the UK
-
Due to the Data (Use and Access) Act coming into law on 19 June 2025, this guidance is under review and may be subject to change. The Plans for new and updated guidance page will tell you about which guidance will be updated and when this will happen.
What is the purpose of this guidance?
- This short guidance is for people and organisations in the UK who work in the education sector with children and young people under 18. It should help you feel confident to share personal information for safeguarding purposes.
- It complements our overarching guidance: A 10 step guide to sharing information to safeguard children. You should use both pieces together.
- It explains the data protection aspects of sharing information to safeguard children and young people; it’s not a guide to safeguarding practice.
Who is it for?
The education sector is broad, so the coverage of this guidance includes:
- schools and colleges in the private and public sectors;
- universities and other higher education organisations which have students who are under the age of 18, as well as activities such as summer schools hosted by external providers;
- nurseries, in both private and public sectors; and
- out-of-school settings, such as pre- and after-school clubs and other groups and activities.
We plan to produce guidance on sharing information for safeguarding purposes for other sectors which may also be useful once available. These are likely to cover sectors such as health, local authorities, and the voluntary, social and private sectors.
What do we need to know?
- Data protection is not a barrier to sharing information to safeguard children and young people; it gives you a framework to do it in the right way.
- In an emergency, don’t hesitate to share information to safeguard a child or young person.
- Don’t be afraid to share information when needed to safeguard children and young people. For example, in England, the Department for Education (DfE) is clear in its Keeping children safe in education guidance: “The Data Protection Act 2018 and UK GDPR do not prevent the sharing of information for the purposes of keeping children safe. Fears about sharing information must not be allowed to stand in the way of the need to safeguard and promote the welfare and protect the safety of children.”
- Use our 10 step guide and sharing information to protect a child infographic to help you. This includes using an appropriate lawful basis, and gives more details about that.
- Follow the guidance, training and procedures given to you by your organisation or regulatory body.
- If you don’t know or aren’t sure about what to do, ask your safeguarding lead, your data protection officer (DPO), your manager or organisational head for help.
- We’ve included examples in this guidance for a range of scenarios to help you think about your work.
- There are links in dropdown lists to external sources of guidance for England, Northern Ireland, Scotland and Wales.