Information governance advice for schools

​All schools in Northamptonshire are individually responsible for ensuring that they comply with the requirements of both the Data Protection Act (DPA) 2018 and the Freedom of Information Act (FOIA) 2000.

If you are unclear about your obligations under either legislation or would like more specific support with a particular Information Governance issue or request, please contact the Information Commissioner’s Office (ICO) on 0303 123 1113.

We are not legally obliged to provide support to schools or academies to assist them with enquiries under information disclosure legislation. However, to assist schools we have compiled the following table:

Data Protection Act 2018/General Data Protection Regulation

​ObligationMore Information
​Comply with the 7 Data Protection PrinciplesInformation Commissioner's Office (ICO)
​Do not hold personal data longer than necessaryRecords Management Toolkit for Schools published by the Information and Records Management Society
​Ensure your privacy notices make it clear how you will process personal data​Available from the Information Commissioner’s Office
​Individuals have a right to request a copy of the personal data that is held about them. Such requests should be processed to comply with the Data Protection Act​Read the ICO’s guidance on Subject Access Requests
​Maintain your Data Protection Registration with the Information Commissioner’s Office (ICO)​Read the ICO’s Notification Guidance

Freedom of Information Act 2000

​Obligation​More Information
​Apply exemptions appropriatelyInformation Commissioner's Office (ICO)
​Maintain a Publication Scheme​Read the ICO guidance on Publication Schemes
​Refusing a request appropriately​​Read the ICO guidance on refusing a request
​Respond to requests within 20 working days​Read the ICO guidance on handling a request