This Data Handling Policy is designed for use alongside a Data Protection
Policy (and other related policies such as a Data Retention Policy). It
sets out a range of rules for all staff (and others working on behalf of a
business) to follow when working with personal data.
This document has been updated for compatibility with the UK GDPR. It is ready for use from the start of 2021.
Unlike the Data Protection Policy, this document does not include more
detailed information about the law itself (mostly stemming from the UK GDPR and Data Protection Act 2018).
Instead, it is designed to work as a companion, serving as a list of “do’s
and don’ts” for your staff – a more accessible document for everyday use
than a full-size Data Protection Policy.
As with many of our other policy templates, this document can be edited to
add or remove information to make it better suited to your particular
It is important to note, however, that this document should not be used in
place of a Data Protection Policy as such a policy should address a number
of key areas in more detail.
Our Data Protection Policy templates are available here.
Optional phrases / clauses are enclosed in square brackets. These should be
read carefully and selected so as to be compatible with one another. Unused
options should be removed from the document.
This Data Handling Policy contains the following sections:
3. Data Protection Officer & Scope of Policy
4. Data Protection
5. Data Security
6. Data Handling
7. Accountability and Record-Keeping
8. Implementation of Policy
This Data Handling Policy is in open format. Either enter the requisite
details in the highlighted fields or adjust the wording to suit your
Once you have purchased access to the appropriate document folder click on
the “Download Document” link below. You will be asked what you want to do
with the file. It is recommended that you save the document to a location
of your choice prior to viewing.