You are here:

Last reviewed on 25 March 2021
Ref: 41707
Statutory/mandatory for: Maintained schools Academies Free schools Independent schools Sixth-form colleges Further education Pupil referral units Non-maintained special schools

Use our model data protection policy to keep yours up to date with the latest regulations and guidance. It'll save you time and help you stay compliant with this complex area.

Model data protection policy

Model policy - GDPR and data protection

This model document is designed for you to adapt to suit your school’s context.

It was created in partnership with education lawyer and consultant Emma Swann, and has been approved by Forbes Solicitors.

A note on approval

Your data protection policy can be approved by the governing board, an individual governor or the headteacher, according to the DfE's guidance on statutory policies. However, your policy on the protection of children's biometric information should be approved by the governing board.

Because our model policy covers the protection of children's biometric information, we've stated (in section 19) that it'll be approved by the full board.

Updates to our policy

Policy section What's changed? Why? Section 1  Removed links to EU legislation and replaced with a reference to 'UK data protection law' To keep all

More from The Key


Bitesize training with a big impact

Our on-demand training has your whole board covered and lets them learn at a time and pace that suits them.

Help your new governors hit the ground running with our expertly-designed induction training, and our role-specific courses support your link governors develop key skills and confidence in their role.


New eLearning: DSL refresher training

Your DSL’s training should be refreshed at least once every 2 years. 

Designed in collaboration with safeguarding experts, our 2.5 hour online refresher training course reminds DSLs how to put their knowledge into practice, with in-depth, real-world scenarios.