SignalOther/ 16 August 2026/ 1 min read
The Information Commissioner's Office has stepped up enforcement against EdTech vendors handling pupil data since 2023. Specific concerns: behavioural-analytics products processing pupil data without adequate data-protection impact assessments, age-appropriate-design-code compliance failures, and inadequate safeguarding-of-children integration.
The Information Commissioner's Office has stepped up enforcement against EdTech vendors handling pupil data since 2023. The framework is the Children's Code (the Age Appropriate Design Code), which sets standards for online services likely to be accessed by children. The Data Protection Act 2018 provides the underlying authority.
Specific concerns the ICO has flagged in published guidance and enforcement: behavioural-analytics products processing pupil data without adequate Data Protection Impact Assessments (DPIAs); insufficient transparency to pupils and parents about how data is used; default-on profiling settings; sharing pupil data with third parties for purposes beyond the educational service.
Three implications for EdTech vendors selling into UK schools:
First, DPIAs are not a procurement formality. The buying school is the data controller and the vendor is the processor; the school is responsible for the DPIA but cannot complete it without vendor input. Vendors who pre-build comprehensive DPIA support material compress procurement materially. Vendors who treat DPIAs as the school's problem face cycle delays.
Second, age-appropriate-design must be evidenced in product, not just claimed in marketing. The ICO has shown willingness to investigate vendors whose marketing claims age-appropriate-design that the product does not implement. Vendors should align design, configuration defaults, transparency notices, and product behaviour with the Children's Code.
Third, sub-processor and data-sharing scrutiny is rising. Schools and trusts increasingly ask detailed questions about which third parties process pupil data, where the data goes, and what controls are in place. Vendors should expect this scrutiny and prepare accordingly.
The ICO has signalled continued focus on EdTech in its published regulatory priorities. Vendors should treat the regulatory environment as tightening, not stable. Investing in compliance evidence and product-level alignment is increasingly a commercial necessity, not a defensive luxury.
Signal
AI tooling has begun to reshape how UK B2B sellers practise the methodologies they have been trained on. Specific patterns: AI-augmented MEDDPICC scoring against deal data, AI-driven discovery question suggestions, AI-summarised call analysis against methodology checkpoints, AI-generated business cases and value framing. The methodologies themselves are largely unchanged; the practice of them is being rebuilt around AI augmentation.
Explained
There is no universally best sales methodology. The right choice depends on segment, deal size, cycle length, buyer sophistication, team experience, and existing infrastructure. A practitioner walkthrough of the choice criteria, with honest assessment of where each major methodology fits.
Explained
GAP Selling (Keenan, 2018) is a problem-centric sales methodology that emphasises deep discovery of the gap between the buyer's current state and desired future state. The methodology pushes hard against feature-led pitching: the seller must understand the buyer's situation more thoroughly than competing methodologies typically demand. Adopted by a meaningful share of UK B2B SaaS sales teams since 2020.