This will be updated on an ongoing basis with support documentation as we continue to prepare for the introduction of the new Data Protection legislation ahead of May 2018.
Guidance for Schools: Consent to use Personal Information
Schools should be aware that there are circumstances where consent may be required to use pupils’ personal information. The guide below sets out when consent may be required and how it should be obtained and recorded. It also includes useful template forms that can be adapted for use by schools when seeking consent.
Consent Guidance for Schools (docx, 43.63 KB)
GDPR: Schools' FAQs
Following the recent GDPR workshops with schools, EA has begun to develop a set of FAQs to address a range of queries that have been raised by Principals and others. This document will be updated regularly.
EA - School FAQs (20th July 2018) (pdf, 361.5 KB)
GDPR Action Plan for Schools
The GDPR Action Plan for schools provides a summary of the key actions your school should take to prepare for GDPR.
Action Plan for Schools (pdf, 551.76 KB)
Information Asset Register
Each school must complete an Information Asset Register (IAR). This sets out what information a school holds, why, for how long and how it is stored, used, accessed and shared. This is a key requirement under GDPR and it is essential that schools have a completed IAR in place by 25 May 2018. When completing the IAR, schools should refer to the Department of Education Retention and Disposal Schedule.
Information Asset Register for Schools (xlsx, 26.74 KB)
Data Protection Policy
Each school must have a Data Protection Policy. Please find a template below. You should download the template, read and review it and revise the relevant highlighted sections.
Please note: you will need to revise the Data Protection Policy depending on whether or not you have chosen to use EA as your Data Protection Officer (DPO). This is clearly explained in the actual Data Protection Policy template itself.
EA Schools Data Protection Policy (docx, 22.2 KB)
Privacy Notices
Each school should have three Privacy Notices:
- Privacy Notice - Pupils and Parents/Families/Carers/Legal Guardians
- Privacy Notice - Teaching Staff
- Privacy Notice - Non Teaching Staff
The Privacy Notice for Pupils and Parents/Families/Carers/Legal Guardians is standard across all schools and one template is provided below.
The Privacy Notice for Teaching Staff and the Privacy Notice for Non Teaching Staff are specific to your school type. A template for each is provided below. Please download the two relevant Privacy Notices for your school type, read and review them and revise the relevant highlighted sections.
All Schools
Controlled Schools
Maintained Schools
Voluntary Grammar/Grant Maintained Integrated/Grant Maintained Irish Medium
Data Protection Statement
Where schools are collecting personal information through paper or electronic forms, a Data Protection Statement must be included. Below is a template statement which schools can use on data capture forms.
The Data Protection Statement informs people of the reasons why schools are collecting information and what the purpose is. It also directs people to where they can find further information in relation to schools’ privacy information.
Schools Data Protection Statement (docx, 61.06 KB)
Data Breach Management
Reporting a personal data breach
A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
Many personal data breaches are accidental, for example sending personal data to an incorrect recipient or the loss of a file or computing device containing personal data, while others are deliberate, such as unauthorised access by a third party.
If you believe that a personal data breach may have occurred you should report this to your school’s Data Protection Officer (DPO) immediately. If your school has appointed the Education Authority (EA) as its DPO, it should report any data breaches to EA’s Information Governance (IG) team. It is crucial that breaches are reported as soon as a breach becomes known in order that any remedial actions can be taken at once. To report a breach to EA please download the data breach report form below, complete the form providing as much detail as possible and return to the IG team following the instructions on the bottom of the form.
If your school has appointed EA as its DPO, the IG team will provide support and advice in the event of a data breach. The team will assist in considering whether the breach poses a risk to people and the likelihood and severity of the risk to people’s rights and freedoms following the breach. Not all data breaches are reportable to the Information Commissioner’s Office (ICO). However, if it is likely there will be a risk to individuals then the ICO must be notified. If your school has appointed EA as its DPO, the IG team will manage the reporting of all notifiable breaches to the ICO.
Data Breach Report Form (docx, 40.88 KB)
ICO Promotional Materials
The ICO has published a helpful pack of materials including posters and leaflets which can be printed and used in school to remind staff of the need to carefully handle personal information.
ICO Think Data - Media Pack (pdf, 652.39 KB)
Useful Resources
EA has developed some useful resources which can be printed and used in school to remind staff of the need to carefully handle personal information.