Data Protection Policy Updates
When thinking about your business’s data protection compliance, a key document that should be considered early on is a Data Protection Policy. This central policy serves as a reference point for the essentials of compliance with the UK GDPR and other key data protection and privacy legislation such as the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations, as well as a jumping-off point for other, more focused policies.
A range of template Data Protection Policies is available, including a standard version which incorporates key sections of the UK GDPR in order to assist in the data protection compliance and learning process throughout your business across a range of departments. Other variants include those tailored to the handling of your employees’ personal data, versions designed to accommodate working from home, and short-form versions designed to make the policy as a whole a little easier to use.
Updates for the ICO’s New IDTA
The range of Data Protection Policy templates has been updated with reference to two new documents available from the Information Commissioner’s Office: the International Data Transfer Agreement (IDTA) and the International Data Transfer Addendum to the EU Commission’s Standard Contractual Clauses. A version of the IDTA is also available from Simply-Docs here, with an accompanying Data Processing Agreement template here.
As explained in more detail in the August 2022 newsletter, the IDTA (or the Addendum, if preferred), replaces the old EU Standard Contractual Clauses as an appropriate safeguard for the transfer of personal data from the UK to a third country outside the EEA.
If you are an Employment subscriber, you can also access updated versions of the Employee Data Protection Policies (short-form and standard) and the Home Working Data Protection Policy as part of your subscription. Updates will be displayed in your Account.
Please note that the range of Data Protection Policies is designed for business use only and that certain provisions of the UK GDPR which relate to public authorities and other official bodies have not been fully incorporated in the templates.
The contents of this Newsletter are for reference purposes only and do not constitute legal advice. Independent legal advice should be sought in relation to any specific legal matter.