Data protection: toolkit for schools

Guidance to support schools with data protection activity, including compliance with the General Data Protection Regulation (GDPR).


Data protection: toolkit for schools

Data protection: annual review checklist

This file may not be suitable for users of assistive technology.

Request an accessible format.
If you use assistive technology (such as a screen reader) and need a version of this document in a more accessible format, please email . Please tell us what format you need. It will help us if you say what assistive technology you use.


To meet the General Data Protection Regulation (GDPR), which came into force in May 2018, all organisations handling personal data, including schools, need to have the right governance measures.

This guidance will help schools develop policies and processes for data management, from collecting and handling the data through to the ability to respond quickly and appropriately to data breaches.

We have made changes to the toolkit following feedback received from schools and other interested parties.

We will continue to use feedback to improve and update the toolkit. Please send any comments to with the subject heading ‘GDPR toolkit feedback’.

Published 23 April 2018
Last updated 14 September 2018 + show all updates
  1. Updated toolkit to include version history.

  2. Updated the safeguarding, consent, retention, data protection officer and data breaches sections of the toolkit. Also added new resources in the document.

  3. First published.