Data Protection for Schools

Data Protection for Schools
£25 +VAT

Under the Data Protection Act 2018 and the GDPR, all schools are classified as data controllers, because they hold large amounts of personal information about pupils, members of staff, parents, governors, and visitors. As a result, schools are required to appoint a data protection officer, and must comply with the law for all data processing activities - these include collecting, storing, sharing, and using data.

This Data Protection for Schools course explains what your responsibilities are under the UK data protection law and the EU GDPR, and will help you understand the steps you should take to ensure that your school’s data processing activities are secure and legally compliant.

  • Developed by a qualified legal professional
  • Accredited by CPD
  • Fully online course and assessment with no time limits
  • Full audio voiceover
  • Approximate duration: 2-3 hours
  • On completion, certificate is posted the next working day

Who should take this course?

All schools are data controllers and process large amounts of data about their students, staff, and parents, so it is vital that every member of staff understands how to process that data securely and in line with the law. Data Protection for Schools is suitable for staff working in a school environment at all levels, and no previous knowledge is required. It is suitable for both data controllers and data processors.

If you use the internet as part of your day to day work then you may also be interested in taking our Cyber Security Training.
If you don’t work in education and are part of another organisation, including charities, professionals, sole traders and membership organisations, then you should take our Data Protection Training Course instead.


CPD Approved

All of our courses are accredited by the CPD Certification Service as conforming to universally accepted Continuing Professional Development (CPD) guidelines.

On successful completion of the course you will be sent a quality assured certificate through the post the next working day. This can be used to provide evidence for compliance and audit. 

This certificate does not have an expiry date. However, based on industry best practice guidelines, the recommended renewal period for this training is 2 years. We will print this recommended renewal date on your certificate.

Meet Our Experts

High Speed Training is proud to work with experts in education to create content that is up to date, relevant and practical. By taking a course with us, you can be confident that you and your staff will have the knowledge to safely carry out your jobs using best industry practice.

Screenshots (click to view)

If you wish to try this course then register for a demo by clicking the 'interactive demo' button. You will be given the option to purchase and continue with your course at the end of your demo!

Interactive Demo

Course content


What is data protection?, key definitions, GDPR - what is it? and will Brexit affect it?, the Data Protection Act 2018, and a case study.

2The Principles of Data Protection

Fair, lawful, and transparent processing, purpose limitations, data minimisation, accuracy, data retention and storage, sharing data, data security, and accountability.

3Legal Grounds for Processing and Obtaining Consent

Collecting data, performance of a contract, legal compliance, vital interests and public interest, legitimate interests, obtaining consent, photographs, CCTV and biometrics, methods for obtaining consent, withdrawing consent and existing consent.

4Data Subject Right

Data subject rights, access rights, the right to be forgotten, the right to restriction and rectification, and the right to object, data portability, and automated processing.

5Data Protection Responsibilities Who has responsibility for data protection? Data controllers, data processors, data protection officers, data protection by design and default, data security, reporting breaches, transferring data and consequences of non-compliance.

 Download Course Overview (PDF)

Aims of the course

By completing this course, you will:

  • Understand the key terms used in data protection law.
  • Understand your school's responsibilities under the GDPR and the Data Protection Act.
  • Have knowledge of the principles of data protection that all schools - and all school staff - must adhere to.
  • Understand the lawful grounds for processing personal information.
  • Understand how to obtain consent from data subjects, including students, parents, staff, governors, and anyone connected to the school.
  • Have an understanding of data subject rights, including access rights and the right to be forgotten.
  • Recognise the responsibilities of your school as a data controller, and understand the roles and responsibilities of data processors and your Data Protection Officer.
  • Understand how to ensure data security and report personal data breaches.
  • Be familiar with the consequences of non-compliance.


The online assessment is taken on completion of the training material. You will be asked 20 multiple choice questions with a pass mark of 80%. The answers are marked automatically so you will instantly know whether you have passed. If you don't pass don't worry! You can take the test as many times as you need with no extra charge.