Re: Somebody somewhere sanctioned this
Again... PREVENT imposes a duty that could potentially conflict with GDPR. The main no-no isn't the sharing per se, but the none consultation with the nominated DPO for the organisation. GDPR isn't a big scary monster which will rip your head off if you include, say, the email address of the various departmental heads involved in the incident in a published PDF of the inquiry, but it does rather impose a procedure to follow to at least audit the decision trail saying if it's OK to do that or not. It's still early days, and they are still establishing a set of relevant "case law" that will act as a guide in future.