Last reviewed on 8 March 2023
Statutory/mandatory for: Maintained schools Academies Free schools Independent schools Sixth-form colleges Further education Pupil referral units Non-maintained special schools

Use our model data protection policy to keep yours up to date with the latest regulations and guidance. It'll save you time and help you stay compliant with this complex area.

Model data protection policy

This model document is designed for you to adapt to suit your school’s context.

It was created in partnership with education lawyer and consultant Emma Swann, and has been approved by Forbes Solicitors.

A note on approval

Your data protection policy can be approved by the governing board, an individual governor or the headteacher, according to the DfE's guidance on statutory policies. However, your policy on the protection of children's biometric information should be approved by the governing board.

Because our model policy covers the protection of children's biometric information, we've stated (in section 20) that it'll be approved by the full board.

Need to write or update privacy notices too?

Visit this article to download our model privacy notices for: 

  • Parents/carers
  • Pupils
  • Staff
  • Governors, trustees and volunteers
  • Job applicants
  • Visitors
  • Suppliers
  • Alumni