Employee Data Protection Policy (GDPR Compatible)
On 25 May 2018 the General Data Protection Regulation (GDPR) came into force and data protection is still at the top of many businesses’ agenda. The GDPR represented the most important change to data protection and privacy law in two decades and many businesses are still learning how best to build compliance into their day-to-day activities. This policy template is designed to help in that process.
Our Data Protection Policy sets out the rights of data subjects and the obligations of an employer in its capacity as a data controller under the GDPR, together with a number of organisational and procedural measures to help ensure compliance.
This template has recently been reviewed and comprehensively updated and now includes a number of new and more detailed provisions including key definitions of technical terms, more helpful guidance on obtaining further assistance, new sections on important topics such as consent, and more specific provisions on the ways in which employees’ personal data will be used.
The provisions of this policy are very detailed and reproduce key elements of the GDPR; they are designed to assist in the GDPR learning process within your business, particularly with regard to HR. It is still important to note, however, that training remains essential and that all personnel handling personal data within your business should be fully aware of the GDPR and its principles, as well as the procedures in place within your business.
The language used in this Employee Data Policy limits its context and applicability to personal data relating to employees. For a more general data protection policy (for customer data, for example), please refer to our GDPR Data Protection Policy, available in the Business document folder.
This document is designed for business use only, and certain provisions of the GDPR relating to public authorities and other official bodies have not been fully incorporated.
This document is also available in the Business document folder.
Optional phrases / clauses are enclosed in square brackets. These should be read carefully and selected so as to be compatible with one another. Unused options should be removed from the document.
This Employee Data Protection Policy template contains the following sections:
4. The Data Protection Principles
5. The Rights of Data Subjects
6. Lawful, Fair, and Transparent Data Processing
8. Specified, Explicit, and Legitimate Purposes
9. Adequate, Relevant, and Limited Data Processing
10. Accuracy of Data and Keeping Data Up-to-Date
11. Data Retention
12. Secure Processing
13. Accountability and Record-Keeping
14. Data Protection Impact Assessments and Privacy by Design
15. Keeping Data Subjects Informed
16. Data Subject Access
17. Rectification of Personal Data
18. Erasure of Personal Data
19. Restriction of Personal Data Processing
20. [Data Portability]
21. Objections to Personal Data Processing
22. [Automated Processing, Automated Decision-Making, and Profiling]
23. Personal Data
24. Equal Opportunities Monitoring Information
25. Health Records
27. [Trade Unions]
28. Employee Monitoring
29. Data Security – Transferring Personal Data and Communications
30. Data Security – Storage
31. Data Security – Disposal
32. Data Security – Use of Personal Data
33. Data Security – IT Security
34. Organisational Measures
35. Sharing Personal Data
36. Transferring Personal Data to a Country Outside the EEA
37. Data Breach Notification
38. Implementation of Policy