Veritau Learn

Definitions 2

Data Protection Officer >

All schools, whether maintained, independent or academy must appoint a Data Protection Officer (DPO).  A DPO must be an independent expert in data protection, who can inform and advise on your data protection obligations, monitor compliance and act as point of contact for the ICO.

Certain categories of personal information are deemed to be more sensitive than others and are therefore given more consideration under data protection legislation.

The European Convention on Human Rights highlighted many of these categories as deserving of special protection as there is a chance that processing these could potentially lead to a significant risk to peoples’ rights and freedoms – for example, discrimination or harassment.

< Special category data


  • Race and ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade Union membership
  • Processing of genetic data
  • Processing of biometric data
  • Physical or mental health
  • Sex life or sexual orientation

As a school it is likely that you will have a legitimate reason for processing special categories of information in particular about pupils and employees. Where you do process special category information you should:

  • Ensure that you have a lawful basis to process the information as specified in the legislation
  • Think about the security measures that you are applying to this information- how is it being stored and transmitted.

Genetic data = personal data relating to the inherited or acquired characteristics of a living person which provides unique information about the health or physiology of that individual. This includes biological samples)

Biometric data = for identification purposes (This includes use of thumbprint technology for payments/entry etc.)

Remember – although this is dealt with in a separate piece of legislation, you should also treat information regarding criminal convictions and offences as if they were ‘special category’.