Last reviewed on 23 March 2022
Statutory/mandatory for: Maintained schools Academies Free schools Independent schools Sixth-form colleges Further education Pupil referral units Non-maintained special schools

Use our model data protection policy to keep yours up to date with the latest regulations and guidance. It'll save you time and help you stay compliant with this complex area.

Model data protection policy


This model document is designed for you to adapt to suit your school’s context.

It was created in partnership with education lawyer and consultant Emma Swann, and has been approved by Forbes Solicitors.

A note on approval

Your data protection policy can be approved by the governing board, an individual governor or the headteacher, according to the DfE's guidance on statutory policies. However, your policy on the protection of children's biometric information should be approved by the governing board.

Because our model policy covers the protection of children's biometric information, we've stated (in section 19) that it'll be approved by the full board.

We've most recently updated out policy (23 March 2022) to remove links to the ICO's surveillance camera code of practice as it's out of date and no longer on the ICO website. Instead, we link to this guidance on video surveillance