School Data Protection Compliance Pack

Due to overwhelming demand by schools, we are pleased to announce the launch of 3 new products to assist the school comply with the Data Protection Act. First and second, a School Data Protection Policy (one for staff and one for parents/pupils). Thirdly, a Data Processor Agreement. All 3 products will help you comply with the legal obligation to keep personal data secure and to ensure staff reliability. (Principle 7 of the Data Protection Act). To find out why these are legal essentials, see below. Order form and price list are attached. There is a discount if you purchase all 3 products.

Key Features

- Prepared by specialist data protection lawyers specifically for schools
- Free legal updates for 12 months
- Accompanied by detailed Management Guides
- Customise to suit your own school's requirements
- Available in electronic format only
- Tailored for the varying legal requirements between maintained and independent schools
- No Quibble Money Back Guarantee if not satisfied

What is Available?

1. Workforce Data Protection Policy

What Does the Data Protection Policy Contain? The Data protection Policy is there to explain to staff how the school expects them to handle and protect personal data. All staff handling personal data should have access to a copy and be informed about amendments. Our policy allows you to further tailor it to reflect the operation of your school. Our policy not only covers the basics of data protection law but also includes the current data protection flash points such as the use of IT equipment both onsite and away from school, (including the use of laptops, USB memory sticks and mobile/smart telephones) and the dissemination of personal data including photographs through social networking sites such as Facebook.

Our Policies come with detailed management guidance and include 12 months free updates.

Why Does the School Need A Data Protection Policy? The Data Protection Act requires the school, as a Data Controller, to take organisational steps to keep personal data secure and to take reasonable steps to ensure that all staff handling personal data are reliable. (Principle 7 Data Protection Act 1998) Having a Data Protection Policy helps the school meet both of these objectives and is something that the UK data protection regulator looks for when investigating breaches.

Why Use our Policy? Our Data Protection Policy has been prepared by specialist data protection lawyers that understand the law as it applies to schools. Unlike generic "off the shelf" policies, ours is tailored to different types of schools and the geographical location of the school. This is because the application of the law varies depending on whether you are in the maintained or independent sector as well as your geographical location. As you would expect, the content is bang up to date.

2. School Data Protection Policy (for Pupils & Parents)

We also offer a version of our Data Protection Policy for pupils and parents. Make this available in Reception, New Starter Induction packs, your Prospectus and on your Website. It will send a clear message to those that matter that your school understands and complies with data protection law. It will explain how the school meets its obligations under the Data Protection Act and how Data Subjects i.e. Pupils and parents may exercise their legal rights under the legislation. It also explains (where applicable) the parental legal right of access to their child's educational record as provided by The Education (Pupil Information) Regulations 2005. Also included is a sample policy on photographs and video taken at school and the publication of images on social networking sites such as Facebook.

3. Data Processor Agreement for External Outsourcing of Processing of Personal Data

Did you know that in some cases when someone outside the school is able to access personal data controlled by the school e.g. A supply / peripatetic teacher, an IT company and in some cases external biometrics companies, the school is automatically in breach of the Data Protection Act if it doesn't have a written contract with the external organisation that contains certain clauses? (Known as a Data Processor Agreement.)

What is a Data Processor Agreement and Why are they Essential?

When the school outsources the processing of personal data to an external organisation or individual, in order to comply with the Data Protection Act, the school, as Data Controller of the personal data needs to have a written contract with the contractor which contains clauses. Firstly, the contract must contain key contractual provisions relating to data security. Secondly the contract must require the external organisation to only process the data on your instructions. (This prevents them from using school data for their own purposes or selling it on.) Most contractors' contracts do not contain these clauses, leaving the school potentially in breach of the Data Protection Act.

Our sample Data processor Agreement contains the minimum clauses required by the Data Protection Act and additional optional obligations which we strongly recommend be imposed upon school contractors. Eg. The requirement to return data to the school after the end of the contract.

The Data Processing Agreement comes with a detailed Management Guide and 12 months free updates.

How do I get more information?
If you would like to talk to us about the Compliance Pack for Schools please call us on 01386 793632 or email us at

How to Order

01386 793632

By Post
Complete the order form and post to

The Information Law Practice
Training Division
Mistletoe House
Rous Lench
WR11 4UW

By Fax            
Complete the order form and fax to
01386 661111

By Email            
Complete the order form and email to