NYES Digital Support


Cloud Services and the Data Protection Act

The Department for Education has issued advice for schools on cloud software services and the Data Protection Act.

The advice “outlines how schools need to consider data security when moving services and sensitive information to the internet-based facilities of cloud computing”, the DfE said.

The publication, which can be viewed here, covers:

  • Data protection obligations;
  • Key obligations for schools: overarching legal requirements; data processing; data confidentiality; data integrity; service availability; data transfers beyond the European Economic Area; use of advertising;
  • Self-certification and how it works: supplier responsibilities; the Department for Education’s role;
  • Using checklists; supplier checklists; accessing further information.

The advice applies to all maintained schools, academies and free schools.


A major outcome of this DFE advice is self-certification checklists that companies supplying cloud software services can complete. Schools can use these lists to help them decide if they are happy to make use of a company’s services with reference to data protection. Links to these checklists can be found towards the end of the above mentioned publication in the section listed Supplier Checklists


Other Useful Links

Data Protection Information on the GOV.UK website

The Data Protection Act

The Data Protection Principles

Cloud software services and the Data Protection Act – DFE Publication

Microsoft Trust Centre – Information about Office 365