Data Protection for Schools

Duration 2 hours

Last audited 19th August 2025

For me

For teams

100% online training
Start when you like
Learn on any device (desktop, mobile or tablet)
Instant assessment and result

1 learner per course
Train teams of all sizes
Bulk discounts starting at 10% off 10 courses
Pay by invoice with 30 day payment terms available (5+ courses)

£25 +VAT

include vat

Includes a 10% discount for 10+ courses

Under the Data Protection Act 2018 and the GDPR, all schools are classified as data controllers, because they hold large amounts of personal information about pupils, members of staff, parents, governors and visitors. As a result, schools are required to appoint a data protection officer, and must comply with the law for all data processing activities - these include collecting, storing, sharing and using data.

This Data Protection for Schools course explains what your responsibilities are under the UK data protection law and the EU GDPR, and will help you understand the steps you should take to ensure that your school’s data processing activities are secure and legally compliant.

100% online training

Access anywhere

Same day digital certificate

Printed certificate posted next working day

Full audio voiceover

Assessment retakes at no extra cost

Developed by a qualified legal professional

Accredited by CPD

Earn 2 CPD points on completion

Bulk discount for orders of 10+ courses

Accreditations
Course Content
Reviews
Suitable for

Bigger orders = bigger discounts

Save on our courses when you buy more training upfront. Lock in a better price now and access the training whenever you need to. You can mix and match any of our courses too and get the discount off your whole order.

10+ courses = 10% off
50+ courses = 20% off
100+ courses = 30% off
500+ courses = 40% off

What you'll learn

By completing this course, you will:

Understand the key terms used in data protection law.
Understand your school's responsibilities under the GDPR and the Data Protection Act.
Have knowledge of the principles of data protection that all schools - and all school staff - must adhere to.
Understand the lawful grounds for processing personal information.
Understand how to obtain consent from data subjects, including students, parents, staff, governors and anyone connected to the school.
Have an understanding of data subject rights, including access rights and the right to be forgotten.
Recognise the responsibilities of your school as a data controller, and understand the roles and responsibilities of data processors and your Data Protection Officer.
Understand how to ensure data security and report personal data breaches.
Be familiar with the consequences of non-compliance.

Training you can trust

Accredited by CPD

All of our courses are accredited by the CPD Certification Service as conforming to universally accepted Continuing Professional Development (CPD) guidelines.

Recommended renewal:

2 years

What does this mean? This certificate does not have an expiry date, however, based on industry best practice guidelines there is a recommended renewal period.

Module 1: Introduction

What is data protection?, key definitions, GDPR - what is it?, GDPR and Brexit, legal requirements, policies and notices and case study.

Module 2: The Principles of Data Protection

Fair, lawful, and transparent processing, purpose limitations, data minimisation, accuracy, data retention and storage, sharing data, data security, and accountability.

Module 3: Legal Grounds for Processing and Obtaining Consent

Collecting data, performance of a contract, legal compliance, vital interests and public interest, legitimate interests, obtaining consent, photographs, CCTV and biometrics, methods for obtaining consent and withdrawing consent.

Module 4: Data Subject Rights

Data subject rights, access rights, the right to be forgotten, the right to restriction, rectification and objection, data portability and automated processing.

Module 5: Data Protection Responsibilities

Who has responsibility for data protection? Data controllers, data processors, data protection officers, data protection by design and default, data security, reporting breaches, transferring data and consequences of non-compliance.

Download Course Overview (PDF)

The online assessment is taken on completion of the training material. You will be asked 20 multiple choice questions with a pass mark of 80%. The answers are marked automatically so you will instantly know whether you have passed. If you don't pass don't worry! You can take the test as many times as you need with no extra charge.

All schools are data controllers and process large amounts of data about their students, staff, and parents, so it is vital that every member of staff understands how to process that data securely and in line with the law. Data Protection for Schools is suitable for staff working in a school environment at all levels, and no previous knowledge is required. It is suitable for both data controllers and data processors.

If you use the internet as part of your day to day work then you may also be interested in taking our Cyber Security Training.

If you don’t work in education and are part of another organisation, including charities, professionals, sole traders and membership organisations, then you should take our Data Protection Training Course instead.

Written by experts

Darren Rose CIPP/E, BEng is a Certified Information Privacy Professional with a BEng in Electronic Engineering. He currently acts as a Data Protection Officer for maintained schools and businesses, a privacy consultant to the independent school sector, and a school compliance advisor covering data protection, Ofsted, SEND, behaviour, and attendance.

In addition to his work with schools, Darren advises small businesses on data protection, IT solutions, and disaster recovery planning. He is a former School Governor, a guest conference speaker for the Headmasters' and Headmistresses' Conference (HMC), and serves as a guest trainer and preferred GDPR consultant for the Independent Schools Association (ISA).

Darren has published several articles on data handling risks and has extensive experience in school operations, compliance, and data protection.