A note on approval
Your school's data protection policy can be approved by the governing board, an individual governor or the headteacher, according to the DfE's guidance on statutory policies. However, the governing board should approve your school's policy on the protection of children's biometric information.
Because our model policy (provided by our sister service, The Key Leaders) covers the protection of children's biometric information, we've stated (in section 20 of the policy) that it'll be approved by the full board.
What this policy needs to do
Your school's/trust's policy needs to follow the requirements of:
- UK General Data Protection Regulation (UK GDPR)
- The EU GDPR was incorporated into UK legislation, with some amendments, by The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2020
- Data Protection Act 2018 (DPA 2018)
When you review your school's