GDPR Compliance for Schools

A summary of the key actions your school should take to comply with GDPR.

GDPR Compliance Checklist

This checklist is intended for use as a tool to assist schools in assessing their compliance with some of the key areas of data protection. However, the UK GDPR requires data controllers to integrate data protection concerns into every aspect of their processing activities. This approach is ‘data protection by design and by default’ and is a key element of the UK GDPR’s risk-based approach and its focus on accountability. In other words, data protection compliance is an ongoing work in progress. Your school should be mindful at all times of the ability to demonstrate compliance with the requirements of the UK GDPR.

GDPR Action Plan for Schools

The GDPR Action Plan for schools provides a summary of the key actions your school should take to prepare for GDPR.

ICO Registration for Schools

Under the General Data Protection Regulation (GDPR) each School is a Data Controller and, as such, all schools must register with the Information Commissioner’s Office (ICO) in order to comply with GDPR.

The cost of registration for most schools is £40 or £60 per annum depending on the number of school staff (fees are discounted by £5 if paid by direct debit). Registration must be renewed by each school annually.

The ICO hold a public register of all organisations and people registered under the Data Protection Act. If you are unsure whether or not your school is registered with the ICO you can check this online at or by telephoning the ICO at 0303 123 1113.

If your school has not already registered with the ICO you must do this urgently in order to meet your statutory obligations. Registration takes approximately 15 minutes and can be completed online on the ICO website.

Last updated: 16/01/2024