UK GDPR FOR SCHOOLS
Data protection,
done properly.
Practical, inspection-ready UK GDPR compliance for schools, academies, and trusts — delivered by a qualified, senior privacy professional with local authority DPO service experience.
Qualified
CIPP/E · CIPM
Sector
Education
Coverage
UK-wide
ICO Registered
ZB######
CIPP/E Certified
.
CIPM Qualified
.
ICO Registered
.
Local Authority DPO Experience
.
Ofsted-Ready Documentation
.
Schools-Specific UK GDPR
.
Safeguarding-Aligned Compliance
.
CIPP/E Certified . CIPM Qualified . ICO Registered . Local Authority DPO Experience . Ofsted-Ready Documentation . Schools-Specific UK GDPR . Safeguarding-Aligned Compliance .
Built for your role
Who this is for
Data protection sits differently depending on your role in school. We've designed our offer around how compliance actually lands in practice.
Leadership
Headteachers & SLT
You are accountable for data protection governance. Our packs give you defensible documentation and an inspection-ready evidence trail — without taking up your time or requiring specialist knowledge to implement.
Safeguarding
DSLs & Data Leads
Safeguarding and data protection overlap constantly. Our KCSIE mapping, DSAR procedures, and breach response tools are built to work alongside your safeguarding processes — not in tension with them.
Governance & Operations
SBMs & Trust Leads
Managing suppliers, processors, and contracts? Our Enhanced and Premium packs include lawful basis matrices, DPIA trigger tools, and governance sign-off pages designed for your accountability structure.
Documentation & packs
Inspection-ready, fully editable Word documents tailored to schools. Choose the depth of coverage your setting needs.
Ready-to-deploy compliance packs
Core
£695
Single school licence · One-off
Get compliant documentation in place quickly with a clear, inspection-ready baseline.
Master Data Protection Policy (2026)
Records of Processing Activities (ROPA) template — Article 30
Data retention schedule (DfE-aligned)
Staff privacy notice
Governor & trustee privacy notice
Job applicant / recruitment privacy notice
Pupil privacy notices (Primary, Secondary, Special)
Staff quick-reference sheet
Governance approval & review log
SAR / DSAR procedure pack
Data breach procedure
KCSIE mapping
School-specific tailoring
MOST POPULAR
Enhanced
£950
Single school licence · One-off
Everything in Core, plus operational procedures and evidence tools to embed compliance day-to-day.
Everything in Core Pack
SAR / DSAR procedure pack
Full data subject rights procedures (erasure, rectification, restriction, objection)
Data breach & incident procedure
DPIA checklist + "when to DPIA" triggers
Lawful basis matrix (schools)
KCSIE mapping (data protection interface)
Article 28 processor agreement template
Data sharing agreement template
Supplier / processor register template
School-specific tailoring
DSL briefing call
Premium
£1,950
Single school licence · One-off
Core and Enhanced implemented and tailored to your school — not templates, but your documents.
Everything in Enhanced Pack
Full school branding & contextual tailoring
School-tailored ROPA (populated for your setting)
LA-maintained vs Academy-specific wording
CCTV policy (where applicable)
Photography & video consent framework
Headteacher / DSL briefing call
Post-implementation review call (4–6 weeks)
Staff data protection awareness resource
Ofsted-ready evidence checklist & index
12-month compliance roadmap
Governor/Trustee sign-off page
Priority email support (30 days)
Advisory retainers
Ongoing support services
Compliance is not a one-time event. Our retainer services keep your school's data protection live, governed, and responsive throughout the year.
Essentials
£350 / month
1 hour / month · Response within 2 working days
You are accountable for data protection governance. Our packs give you defensible documentation and an inspection-ready evidence trail — without taking up your time or requiring specialist knowledge to implement.
DSLs & Data Leads
£750 / month
3 hours / month · Response within 1 working day
Compliance kept live. Covers supplier and processor reviews,
DPIA input, full data subject rights guidance (including SAR, erasure, and objection), and breach support. Includes a monthly governance check-in call with a written summary of actions and upcoming deadlines. Quarterly compliance status report for governors. 3-month minimum term.
Assured
£1,250 / month
5 hours / month · Priority response within 4 hours
Full oversight and named adviser contact. Includes everything in Active, plus: a rolling evidence review against your inspection index, annual staff data protection training session (in person or virtual), a formal annual compliance report for governors, and priority response within 4 working hours for urgent matters. ICO enquiry support included. 3-month minimum term.
PDC
Your Name Here
Founder, Prime Data Compliance
CIPM
CIPP/E
ICO Reg.
"Most schools don't have a data protection problem. They have a clarity problem."
Prime Data Compliance was built on real experience inside schools and local authority DPO services. We understand what headteachers, DSLs, and SBMs are actually dealing with: limited time, competing safeguarding pressures, and guidance that was written for lawyers — not practitioners.
Our approach is direct. We produce documentation that staff can actually follow, workflows that sit alongside safeguarding rather than complicating it, and evidence that stands up to Ofsted, ICO, and governance scrutiny.
QUALIFICATIONS
CIPP/E (Certified Information Privacy Professional, Europe)
CIPM (Certified Information Privacy Manager)
ICO REGISTRATION
ZB######
Registered data protection officer
SECTOR EXPERIENCE
Local authority schools DPO service
In-school operations & governance
Public, private & third sector
COMPANY
Registered in England & Wales
Company No. [XXXXXXXX]
Data rights
For parents & carers
Under UK GDPR, your child's school holds personal information about your family. You have rights over how that information is used — and schools are legally required to respect them.
01
The right to know
Schools must tell you what personal data they hold about you and your child, why they hold it, who they share it with, and how long they keep it. This information should be in the school's privacy notice.
02
The right to access
You can submit a Subject Access Request (SAR) to ask for a copy of personal data the school holds about your child. The school must respond within one month. There is no charge for most requests.
03
The right to complain
If you are not satisfied with how a school has handled your data, you can raise a complaint with the school's Data Protection Officer, then escalate to the ICO (Information Commissioner's Office) at ico.org.uk.