Practical, inspection-ready UK GDPR compliance for schools, academies, and trusts — delivered by a qualified, senior privacy professional with local authority DPO service experience.
Data protection sits differently depending on your role in school. We've designed our offer around how compliance actually lands in practice.
You are accountable for data protection governance. Our packs give you defensible documentation and an inspection-ready evidence trail — without taking up your time or requiring specialist knowledge to implement.
Safeguarding and data protection overlap constantly. Our KCSIE mapping, DSAR procedures, and breach response tools are built to work alongside your safeguarding processes — not in tension with them.
Managing suppliers, processors, and contracts? Our Enhanced and Premium packs include lawful basis matrices, DPIA trigger tools, and governance sign-off pages designed for your accountability structure.
Inspection-ready, fully editable Word documents tailored to schools. Choose the depth of coverage your setting needs.
Get compliant documentation in place quickly with a clear, inspection-ready baseline.
Everything in Core, plus operational procedures and evidence tools to embed compliance day-to-day.
Core and Enhanced implemented and tailored to your school — not templates, but your documents.
Compliance is not a one-time event. Our retainer services keep your school's data protection live, governed, and responsive throughout the year.
Confidence on demand. Q&A, template guidance, and light document reviews by email with one short advisory call per month if needed. Includes a 30-minute onboarding call to understand your current position. Rolling monthly — no minimum term. Unused time does not roll over.
Compliance kept live. Covers supplier and processor reviews, DPIA input, full data subject rights guidance (including SAR, erasure, and objection), and breach support. Includes a monthly governance check-in call with a written summary of actions and upcoming deadlines. Quarterly compliance status report for governors. 3-month minimum term.
Full oversight and named adviser contact. Includes everything in Active, plus: a rolling evidence review against your inspection index, annual staff data protection training session (in person or virtual), a formal annual compliance report for governors, and priority response within 4 working hours for urgent matters. ICO enquiry support included. 3-month minimum term.
"Most schools don't have a data protection problem. They have a clarity problem."
Prime Data Compliance was built on real experience inside schools and local authority DPO services. We understand what headteachers, DSLs, and SBMs are actually dealing with: limited time, competing safeguarding pressures, and guidance that was written for lawyers — not practitioners.
Our approach is direct. We produce documentation that staff can actually follow, workflows that sit alongside safeguarding rather than complicating it, and evidence that stands up to Ofsted, ICO, and governance scrutiny.
Under UK GDPR, your child's school holds personal information about your family. You have rights over how that information is used — and schools are legally required to respect them.
Schools must tell you what personal data they hold about you and your child, why they hold it, who they share it with, and how long they keep it. This information should be in the school's privacy notice.
You can submit a Subject Access Request (SAR) to ask for a copy of personal data the school holds about your child. The school must respond within one month. There is no charge for most requests.
If you are not satisfied with how a school has handled your data, you can raise a complaint with the school's Data Protection Officer, then escalate to the ICO (Information Commissioner's Office) at ico.org.uk.