Skip to main content
Share via Share via Share via Copy link

KCSiE 2026: Online search requirements for schools softened

13 July 2026
Dai Durbridge and Claire Archibald

The online check requirement in the latest Keeping Children Safe in Education guidance (KCSiE 2026) has been watered down or clarified, depending on your perspective.

We expected the Department for Education (DfE) to clarify that online searches should include a check of public-facing social media accounts. Instead, a small tweak has, perhaps, moved us in the other direction.

We have set out in other articles our position on the importance of getting this requirement right and including social media checks, so we will not repeat it here. Instead, as with all the other articles on the KCSiE 2026 changes, let's focus on what you need to do now.

What does the updated paragraph 299 say?

Paragraph 299 reads: "…As part of the shortlisting process, schools and colleges should consider carrying out a search (via an online search engine) as part of their due diligence on the shortlisted candidates."

Under the 2025 guidance, schools were under a duty to consider carrying out this check via an "online search" rather than "(via an online search engine)."

Why is this a significant change?

For those of you who carry out these checks by starting with a search engine, nothing has really changed. However, many schools and trusts use dedicated platforms to conduct thorough searches of an individual's publicly available online activity, providing a far wider review of content.

These platforms are not an "online search engine", so the question is: can schools and trusts still lawfully use them now that the guidance specifies use of an online search engine?

In short, yes, they can. From a data protection perspective, schools and trusts using a platform to carry out more thorough searches can rely on Legitimate Interest as their lawful basis of processing and must carry out a Legitimate Interest Assessment (LIA) to justify that decision.

What is a Legitimate Interest Assessment and who is responsible?

An LIA is a documented risk assessment that demonstrates your compliance under UK GDPR when processing personal data. It helps ensure that your data processing is lawful and will not cause unjustified harm to individuals' fundamental privacy rights.

Designated Safeguarding Leads (DSLs) and/or recruitment leads should liaise with their Data Protection Officer (DPO) to ensure the LIA is completed correctly and in detail. It is not a complicated task, but getting it right is important for compliance with data protection laws.

If you need support with your LIA, please get in touch with us.

Contact

Contact

Dai Durbridge

Partner

dai.durbridge@brownejacobson.com

+44 (0)330 045 2105

View profile Connect on LinkedIn
Can we help you? Contact Dai

Claire Archibald

Legal Director

claire.archibald@brownejacobson.com

+44 (0)330 045 1165

View Profile
Can we help you? Contact Claire

You may be interested in