How to review your data protection policy

Read our model policy to see what good looks like, and use our set of key questions to make sure your school is complying with data protection laws. Get a sense of what a good personal data breach procedure includes using our model.

Last reviewed on 7 November 2023See updates
School types: AllSchool phases: AllRef: 38423
Contents
  1. Key facts
  2. What this policy needs to do
  3. 3 key questions to challenge the policy 
  4. Model data protection policy
  5. Updates to our policy
  6. Model personal data breach procedure
  7. Examples 

A note on approval

Your school's data protection policy can be approved by the governing board, an individual governor or the headteacher, according to the DfE's guidance on statutory policies. However, the governing board should approve your school's policy on the protection of children's biometric information. 

Because our model policy (provided by our sister service, The Key Leaders) covers the protection of children's biometric information, we've stated (in section 20 of the policy) that it'll be approved by the full board.

What this policy needs to do

Your school's/trust's policy needs to follow the requirements of:

When you review your school's