UK GDPR: questions to ask your DPO

Find out what questions you can ask your data protection officer (DPO) and what to look for in the answers, so you're confident that your school or trust is compliant.

Last reviewed on 4 May 2023
School types: AllSchool phases: AllRef: 32870
Contents
  1. Ask for a UK GDPR report to governors
  2. Questions to ask

Need a UK GDPR refresh? Get a handle on it with our summary.

Ask for a UK GDPR report to governors

All schools must have a data protection officer (DPO) who takes responsibility for monitoring data protection compliance and has the knowledge, support and authority to do so effectively.

They should report to you on data protection matters, so you can assure yourself that your school or trust is compliant with the UK GDPR. If you haven't received a data protection report, ask for one. 

Here's a template report so you know what you need to see:

Download: template UK GDPR report to governors DOCX, 518.8 KB

Bear in mind that your DPO can report in whatever format they choose, so yours might look a little different from our template.

Receive a UK GDPR report at least annually Are updated whenever there is a data breach or other important development – in