π Guidance for Data Sharing with School Immunisation Services
January 7, 2025
Before Christmas, the Department for Education (DfE) provided updated guidance on sharing personal data to support school immunisation programmes. Immunisation programmes are often scheduled early in the academic year and prompt a plethora of questions from schools about data sharing. This updated guidance should answer most of those questions ahead of future immunisation programmes.
Data protection in schools – Sharing personal data – Guidance – GOV.UK
Below, we summarise the key points of the guidance and outline actions school leaders should consider:
Data Sharing Responsibilities
Schools must provide certain data to School Age Immunisation Service (SAIS) teams to support immunisation efforts. This includes:
Sharing information leaflets and consent forms with parents or carers.
Providing a list of eligible children and young people, along with their parents’ or carers’ contact details, to the SAIS team.
Consent for Vaccinations
The sharing of contact details does not equate to consent for immunisation. Vaccines will only be administered with explicit consent from parents or carers.
Lawful Basis for Data Sharing
The guidance confirms that sharing this data is lawful under Article 6(1)(e) of the UK GDPR. This article permits processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority. Specifically:
Sharing data with immunisation teams is in the public interest.
Supporting public health initiatives falls under the schoolβs official authority.
Data Protection Laws and Public Health
Data protection laws do not prohibit sharing personal data where it is fair, lawful, and appropriate. In this instance, sharing data with immunisation teams is both lawful and beneficial.
Β
To align with the updated guidance, schools should take the following steps when the next immunisation programmes are imminent:
Β
Review Policies and Agreements
Ensure that existing data-sharing agreements are up to date and compliant with UK GDPR. Clearly define what data will be shared, with whom, and for what purpose. These agreements are usually provided by the local SAIS team prior to sharing the data at the start of the programme.
Communicate with Parents and Carers
Inform parents and carers about the schoolβs role in supporting immunisation programmes. Share information leaflets and consent forms well in advance of the programme.
Document the Data Sharing Process
Maintain clear records of the data-sharing process, including what data was shared, when, and with whom. This can be logged as a Data Decision on the SchoolPro data protection portal and will support accountability and transparency.
Provide Staff Training
Ensure that staff involved in data handling and sharing understand the lawful basis for this activity and are familiar with data protection best practices.
Monitor and Review
After the immunisation programme, review the data-sharing process to identify any areas for improvement. Use these insights to refine practices for future programmes.
Our team is here to help. If you have any other questions about this or any other data protection topic, please contact us atΒ DPO@schoolpro.uk.
Stay safe and healthy,
The SchoolPro TLC Team
SchoolPro TLC Ltd (2025)
SchoolPro TLC guidance does not constitute legal advice.
SchoolPro TLC is not responsible for the content of external websites.
For a confidential conversation about the needs of your school or organisation, please contact SchoolPro TLC using the links below. Based in Gloucestershire, available anywhere in the UK!
SchoolPro TLC Limited was formed by school and education leaders with over 60 years of experience across all stages of education and in a variety of contexts. The company founders have worked to improve educational provision as both senior leaders and school governors.
Monday β Friday : 8am β 6pm
Β© 2025 SchoolPro TLC β All Rights Reserved