Short-Form Staff Data Protection Policy
26 November 2023 Update: This document has been reviewed and updated for compatibility with the UK-US Data Bridge and other “partial findings of adequacy” relating to specific organisations, legislation, and frameworks.
This Short-Form Staff Data Protection Policy template is designed for use as an internal policy document and has an HR focus, dealing specifically with the personal data of employees.
The provisions of this document set out the rights of employees as “data subjects” and the employer’s obligations in its role as a data controller under the UK's data protection legislation (including the UK GDPR and the Data Protection Act 2018).
This document has been written as a “short-form” alternative to our standard Employee Data Protection Policy. Most of the central provisions are fundamentally the same; however, some more detailed elements have been removed and replaced with references to separate policies.
Please note that this document is designed for HR use and only in a business environment. The language used throughout establish and employment focus which makes this template unsuitable for use in other contexts. A general Short-Form Data Protection Policy is also available. Please also note that certain provisions of the UK GDPR relating to public authorities and other official bodies have not been fully incorporated.
Optional phrases / clauses are enclosed in square brackets. These should be read carefully and selected so as to be compatible with one another. Unused options should be removed from the document.
This document is also available to Business folder subscribers in the UK GDPR & Data Protection group.
This Short-Form Staff Data Protection Policy contains the following clauses:
3. Data Protection Officer & Scope of Policy
4. The Data Protection Principles
5. The Rights of Data Subjects
6. Lawful, Fair, and Transparent Data Processing
8. Specified, Explicit, and Legitimate Purposes
9. Adequate, Relevant, and Limited Data Processing
10. Accuracy of Data and Keeping Data Up-to-Date
11. Data Retention
12. Secure Processing
13. Accountability and Record-Keeping
14. Data Protection Impact Assessments and Privacy by Design
15. Keeping Data Subjects Informed
16. Data Subject Access
17. Rectification of Personal Data
18. Erasure of Personal Data
19. Restriction of Personal Data Processing
20. [Data Portability]
21. Objections to Personal Data Processing
22. [Automated Processing, Automated Decision-Making, and Profiling]
23. Personal Data
24. Sharing Personal Data
25. Transferring Personal Data to a Country Outside the UK
26. Data Breach Notification
27. Implementation of Policy
This Short-Form Staff Data Protection Policy is unlocked and in .doc format. Either enter the requisite details in the highlighted fields or adjust the wording to suit your purposes.
Once you have purchased access to the appropriate document folder click on the “Download Document” link below. You will be asked what you want to do with the file. It is recommended that you save the document to a location of your choice prior to viewing.