We are so excited to have achieved the CAFOD: 'Live Simply' award! Visit our RE Life page to read more
Home Page

Holy Family

Catholic Primary School

Living, Loving, Learning as followers of Jesus Christ


Data Protection in Schools



The Data Protection Act is designed to protect the privacy of individuals. It requires any personal information about an

individual to be processed securely and confidentially. In a school setting, this includes information relating to both staff

and pupils. If you must obtain, store, share, or use their personal data, it’s crucial that you so so securely, as personal data

is sensitive and private. Everyone, adults and children alike, has the right to know how the information held about them is

used and to feel confident that your school is protecting it.


Personal information is anything relating to a person that identifies them. This includes both physical records and digital records.

In a school, examples of personal information include:


  • Names of staff and pupils.
  • Dates of birth.
  • Photographs of staff and pupils that are clearly linked to their identity or other personal information about them.
  • Addresses.
  • National insurance numbers.
  • Financial information, such as bank details and tax status.
  • Recruitment data.
  • Attendance and behavioural information.
  • Safeguarding information, including SEN assessments and data.
  • School work and marks.
  • Medical information, such as medical conditions and GP names.
  • Exam results.
  • Staff development reviews.


Under the Data Protection Act, all data controllers must notify the Information Commissioner’s Office (ICO) about how they process personal information. Each individual school is a data controller and so must register with the ICO. Failure to do so is a criminal offence.