Data Protection Policy Template

Employee Data Protection Policy


Data protection plays a key role in today’s business world and, given the vast quantities of data held by businesses regarding their employees, is crucial from an employer’s perspective. The Data Protection Act 1998 lays down a number of important principles which govern how personal data is collected, held and processed by organisations. Whilst many businesses comply without realising it, it is all to easy to fail to comply with the requirements of the Data Protection Act in the absence of a fixed data protection policy.

This Employee Data Protection Policy clearly sets out the data protection obligations of an employer and lays down a number of organisational and procedural measures to ensure compliance with the Act, applying not only to the business itself, but also to all employees, contractors, agents and any other third parties working on the business’s behalf The rights and procedures for employees (as data subjects) are also included in this policy document.

This template has now been updated with more detailed content, focusing in particular on the obligations of the data controller, and a significant number of new measures designed to protect data have been incorporated. Furthermore, a higher level of detail is provided on the rights of data subjects, and on the conditions for processing personal data. Whereas the previous version required more frequent reference to the Data Protection Act itself, the policy document now contains much of the relevant information in full.

The provisions of this policy are designed to apply to personal data relating primarily to employees. An alternative data protection policy is available which governs personal data relating to outside parties such as customers. This document is also available as part of the Employment document folder.

Optional phrases / clauses are enclosed in square brackets. These should be read carefully and selected so as to be compatible with one another. Unused options should be removed from the document.

This Employee Data Protection Policy contains the following sections:

1. Introduction
2. The Data Protection Principles
3. Rights of Data Subjects
4. Personal Data
5. Health Records
6. Benefits
7. Trade Unions
8. Monitoring
9. Processing Personal Data
10. Data Protection Procedures
11. Organisational Measures
12. Access by Data Subjects
13. Employee Records and Retention
14. Notification to the Information Commissioner’s Office
15. Implementation of Policy


This document is in open format. Either enter the requisite details in the highlighted fields or adjust the wording to suit your purposes.

Once you have subscribed to the appropriate document folder click on the “Download Document” button below. You will be asked what you want to do with the file. It is recommended that you save the document to a location of your choice prior to viewing.