How does cyber security support data protection?

Two main things motivate cyber criminals, kudos and money. Whilst some just want to cause havoc, seek revenge or receive kudos from their peers, including your staff and pupils, most are in it for financial rewards.

These criminals make money directly from individuals or schools, usually by tricking people into paying money into their bank accounts or selling the personal data they accessed during an attack. Criminals wanting to sell personal data, attack schools with the single aim of accessing the data of pupils and staff, and this is where cyber security and data protection align.


The UK General Data Protection Regulation (GDPR) requires that personal data is processed securely, using appropriate technical and organisational measures. As schools come under attack more and more from cyber criminals, cyber security should be one of the approaches schools use to protect the data in their care.


Ways to align cyber security and data protection in your school

  1. Talk about cyber security and data protection together.
  2. Train your data protection lead in cyber security.
  3. Help people to understand that cybercriminals are predominately after personal data.

When a data breach needs to be reported to the Information Commissioner’s Office, they will ask you if a cyber attack caused it and what measures you have taken to contain it.


GDPR security outcomes

The National Cyber Security Council and Information Commissioner’s Office developed a set of GDPR security outcomes. This guidance provides an overview of what the GDPR says about security and describes a set of security-related outcomes for all organisations processing personal data. The approach is based on four top-level aims.

  • manage security risk
  • protect personal data against cyber attack
  • detect security events, and
  • minimise the impact

How can Secure Schools help?

At Secure Schools, we are experts in protecting your school from cyber crime. This includes supporting you to understand where the risks are in your networks and helping you to manage these risks, providing training to help everyone protect personal data and working with you to put processes and continuity plans in place if a cyber incident did happen.