Data protection model policy

Last reviewed on 23 March 2022
Statutory/mandatory for: Maintained schools Academies Free schools Independent schools Sixth-form colleges Further education Pupil referral units Non-maintained special schools

Use our model data protection policy to keep yours up to date with the latest regulations and guidance. It'll save you time and help you stay compliant with this complex area.

Article tools

Contents

  1. Model data protection policy
  2. Updates to our policy
  3. Need to write or update privacy notices too?

Model data protection policy

Model policy - GDPR and data protection DOC, 236.5 KB


This model document is designed for you to adapt to suit your school’s context.

It was created in partnership with education lawyer and consultant Emma Swann, and has been approved by Forbes Solicitors.

A note on approval

Your data protection policy can be approved by the governing board, an individual governor or the headteacher, according to the DfE's guidance on statutory policies. However, your policy on the protection of children's biometric information should be approved by the governing board.

Because our model policy covers the protection of children's biometric information, we've stated (in section 19) that it'll be approved by the full board.

We've most recently updated out policy (23 March 2022) to remove links to the ICO's surveillance camera code of practice as it's out of date and no longer on the ICO website. Instead, we link to this guidance on video surveillance

Most popular

Also in 'Information management policies'