UK GDPR Policy Pack aids in complying with the UK GDPR, which is tailored by the Data Protection Act 2018. The UK’s data protection regime bring stronger, risk-based and a more consistent approach to processing personal data within the UK, as well as providing guidance on transfers and processing outside the UK. Our UK GDPR policies and procedures include the mandatory data protection policy documentation, including policies and procedures for data retention, breaches, subject access requests, international transfers, data portability, erasure and more.
Written in the first person and ready for corporate branding and customisation, our policies contain working procedures suitable for all industries and business types. Provided in Microsoft Office format and delivered after payment, the set also includes a GDPR Policy Template UK guidance document and our Information Audit template.
The Data Protection Policy (the Policy) ensures the Royal College of Obstetricians and Gynecologists' (the College) complies with Data Protection Law, namely the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act (DPA) 2018. These set out the framework for how the UK processes personal data:
UK GDPR, enforceable in all EU member states from 01 January 2021, covers most of the legal obligations for processing personal data in the UK
DPIA enacts UK GDPR and replaces the DPIA 1998. It sets out:
how other information rights legislation (e.g. Freedom of Information Act 2000) interact with the new DPA and UK GDPR
how personal data must be processed in the UK where it doesn't fall within UK GDPR, e.g. immigration or national security matters
local rules for the UK that complement UK GDPR, e.g. additional measures required for the processing of special category personal data
the Information Commissioner’s Office’s (ICO) role, functions and powers.
The Data Protection Policy (the Policy) ensures the Royal College of Obstetricians and Gynecologists' (the College) complies with Data Protection Law, namely the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act (DPA) 2018. These set out the framework for how the UK processes personal data:
UK GDPR, enforceable in all EU member states from 01 January 2021, covers most of the legal obligations for processing personal data in the UK
DPIA enacts UK GDPR and replaces the DPIA 1998. It sets out:
how other information rights legislation (e.g. Freedom of Information Act 2000) interact with the new DPA and UK GDPR
how personal data must be processed in the UK where it doesn't fall within UK GDPR, e.g. immigration or national security matters
local rules for the UK that complement UK GDPR, e.g. additional measures required for the processing of special category personal data
the Information Commissioner’s Office’s (ICO) role, functions and powers.
The Policy’s objectives are to:
comply with Data Protection Law, e.g. data protection impact assessments
meet our data protection standards, e.g. information sharing arrangements
protect the rights of our staff, officers, trainees, members, College representatives, suppliers, clients, customers and public users, e.g. procedures to govern Individual Rights’ request handling
protect the College from the risks of a data protection breach and related reputational, financial and legal damage, e.g. encrypt special category personal data.
Free #Desktopdata webinars, developed with the ICO to address a range of essential topics for GDPR cookie consent.
A GDPR toolkit of templates produced in partnership with Hugh James solicitors
A short film to raise awareness about the GDPR
An information sheet providing detailed guidance on the GDPR and the changes it has introduced
The toolkit is a package of GDPR templates and guidance that organisations can use to create their own policies and procedures. The toolkit includes:
Privacy notice template
Data Protection Impact Assessment template
Bring your own device for trustees and volunteers policy template
Data Retention guidelines for Human Resources data
GDPR compliance checklist
The lawful bases guidance
The guide to the General Data Protection Regulation contains:
information about cookie consent
an explanation of rights under GDPR
descriptions of special category and criminal offence data
guidance on protecting children’s data