This template Data Protection Policy sets out the rights of data subjects and the obligations of a business as a data controller under the UK's data protection legislation (including the UK GDPR and the Data Protection Act 2018), together with a number of organisational and procedural measures to help ensure compliance.
This Data Protection Policy is highly detailed, aiming to reproduce key parts of the GDPR Policy Template UK in order to assist in the UK GDPR compliance and learning process throughout your business. Nevertheless, please note that training remains essential and that all personnel handling personal data within your business should be fully aware of the UK GDPR and its principles, as well as the procedures in place within your business.
This document is designed for business use only, and certain provisions of the UK GDPR relating to public authorities and other official bodies have not been fully incorporated.
Optional phrases / clauses are enclosed in square brackets. These should be read carefully and selected so as to be compatible with one another. Unused options should be removed from the document.
This document is also available in the UK GDPR & Data Protection group.
This Data Protection Policy Template contains the following provisions:
1. Introduction
2. Definitions
3. Scope
4. The Data Protection Principles
5. The Rights of Data Subjects
6. Lawful, Fair, and Transparent Data Processing
8. Specified, Explicit, and Legitimate Purposes
9. Adequate, Relevant, and Limited Data Processing
10. Accuracy of Data and Keeping Data Up-to-Date
11. Data Retention
12. Secure Processing
13. Accountability and Record-Keeping
14. Data Protection Impact Assessments and Privacy by Design
GDPR is a relatively new law that brings data regulations into the digital age by strengthening the rights of ordinary citizens in relation to how information is gathered about them.
GDPR policy applies to a range of services and technologies, including:
Internet shopping
Smartphone apps
Website contact forms
Social media.
One of the biggest changes introduced by the GDPR Training is the extra level of scrutiny and responsibility placed on organisations. There are stiff penalties for data protection and privacy breaches. If you don’t have a GDPR policy, your organisation could be fined up to €20m, or 4% of its turnover.
In order to remain compliant, businesses, charities, education and healthcare establishments, and government agencies must draw up GDPR policy documentation. This documentation is taken as working proof that an organisation has plans in place to protect personal data and privacy.
The GDPR is designed to protect EU and UK citizens’ data. If EU Representatives and UK visitors use your website, it should be GDPR compliant.
This applies to everything from your documentation to the way your web forms work.
We recommend that you consult a lawyer to determine your position.
In order to demonstrate compliance with the GDPR, organisations will be expected to produce two things:
A data protection policy
At least one privacy policy.
You can use templates for these as long as the content is accurate.
Once you have determined the types of information to include in your GDPR policy, you might want to use a template to create your own. Templates are a good idea because:
Your policy is a legally binding document and most templates will have been developed by people with appropriate legal expertise relating to the GDPR cookie consent (although this can’t substitute for legal advice)
Templates will cover all the sections and information the regulations state must be included, so you can easily see what’s missing
Templates will help you organise the large volumes of information you have, keeping procedural detail separate and creating a final document that is clear, logical and workable.
Writing a GDPR policy is a case of combining the right documents and ensuring that you have provided all the information you need to provide.
A template can get you part way there. But you may need someone to help you bring it all together.
The business writers here at Red Robot would be happy to help. Please contact us today to get a quote and schedule a review of your GDPR documentation content.