Home / Knowledge / Schools: are you ready for the new data protection complaints rules?

Schools: are you ready for the new data protection complaints rules?

11th June 2026
by Tina Morris

The deadline is approaching fast. Are you prepared?

 

From 19 June 2026, the Data (Use and Access) Act 2025 (DUAA) will require schools, academy trusts and colleges to operate a clear, accessible and effective process for handling data protection complaints.

The ICO has made it clear: no exemptions for education providers. Every organisation must have a workable, compliant complaints route in place.

Why this matters

  • A strong complaints process is more than a compliance tick-box. It helps schools respond consistently, reduce escalation and demonstrates to parents, staff and regulators that concerns will be handled properly and in a timely manner.
  • Failing to act now risks complaints being mishandled and potentially investigated externally.

What’s changing

  • The DUAA complaints rules are expected to take effect on 19 June 2026.
  • Schools must allow people to raise data protection concerns, acknowledge complaints within 30 days, and address them without undue delay.

Complaints may arise from:

  • Subject Access Requests (SARs)
  • Data breaches
  • Inaccurate or mishandled records
  • Information sharing concerns
  • Data retention issues

If someone believes their personal data has been handled incorrectly, you must be ready to respond quickly, clearly and consistently.

What you should you do now

To stay compliant, you should:

Review your policies immediately

Ensure your complaints policy, privacy notices and procedures clearly cover:

  • Data protection complaints
  • Responsibilities and ownership
  • Timescales and escalation routes

Train your staff

Make sure all staff:

  • Can identify a data protection complaint
  • Know how to escalate it
  • Understand who is responsible for handling it
  • Receive refresher training every 1–2 years

Implement a consistent process

You must be able to:

  • Log complaints systematically
  • Acknowledge within 30 days
  • Investigate thoroughly
  • Respond promptly
  • Record outcomes and actions taken

If your current process isn’t clear and consistent, it isn’t compliant.

How we can help

  • Review your complaints framework
  • Identify gaps and risks
  • Update policies and procedures
  • Ensure your processes are practical, compliant and ready

If you are unsure whether your current processes meet the new requirements, we’re here to help. Get in touch with Tina Morris at tinamorris@schofieldsweeney.co.uk

Related

We’re here for you – contact us today

0300 124 0406
enquiries@schofieldsweeney.co.uk

Contact Us

Bradford office

Church Bank House
Bradford
West Yorkshire
BD1 4DY

What3words - names.frosted.broke Phone: 01274 350 800 Fax: 01274 306 111

Leeds office

Centura
76 Wellington Street
Leeds
West Yorkshire
LS1 2AY

What3words - crass.makes.store Phone: 0113 849 4000 Fax: 0113 243 9326

Huddersfield – Appointment only

To make an appointment, please call us on the number below. Phone: 0300 124 0406

London office

33 Bedford Row
London
WC1R 4JH Phone: 020 8146 5119
Copyright © Schofield Sweeney Solicitors. All Rights Reserved.

Schofield Sweeney LLP is authorised and regulated by the Solicitors Regulation Authority.

Website by Tall
Conveyancing Quality