You are here:

Last updated on 21 June 2018
Ref: 34232
School types: All · School phases: All

Schools must appoint a data protection officer (DPO) from May 2018 under the GDPR. There’s little authoritative, practical guidance on how to do this in a school, so read on for our experts’ recommendations on who to appoint depending on your context.

Article tools


  1. What are your options?
  2. Small schools
  3. Medium to large schools
  4. MATs and federations

The Key has taken great care in publishing this article. However, some of the article's content and information may come from or link to third party sources whose quality, relevance, accuracy, completeness, currency and reliability we do not guarantee. Accordingly, we will not be held liable for any use of or reliance placed on this article's content or the links or downloads it provides. This article may contain information sourced from public sector bodies and licensed under the Open Government Licence.