Data protection is a vital ingredient in running a successful business, not
least in light of the UK GDPR and Data Protection Act 2018. This document has been updated for compatibility with the UK GDPR and is ready for use from the start of 2021.
This Data Protection Policy template sets out the rights of data subjects,
the core principles of data protection, and the obligations of a business
as a data controller under UK data protection legislation.
This document has been written as a “short form” alternative to our standard Data Protection Policy. Most of the core provisions are virtually the same;
however, some more detailed provisions have been removed and replaced with
cross-references to separate policies (e.g. our Data Security Policy).
As more focused policies are added to our portfolio, it is our intention to
modify this Short Form Data Protection Policy template further, replacing
more provisions with simpler cross references to separate documents.
Please note that this policy template is designed for business use only.
Certain provisions in the UK GDPR which relate to public authorities and other
official bodies are not covered in full.
Optional phrases / clauses are enclosed in square brackets. These should be
read carefully and selected so as to be compatible with one another. Unused
options should be removed from the document.
This Short-Form Data Protection Policy contains the
3. Data Protection Officer & Scope of Policy
4. The Data Protection Principles
5. The Rights of Data Subjects
6. Lawful, Fair, and Transparent Data Processing
8. Specified, Explicit, and Legitimate Purposes
9. Adequate, Relevant, and Limited Data Processing
10. Accuracy of Data and Keeping Data Up-to-Date
11. Data Retention
12. Secure Processing
13. Accountability and Record-Keeping
14. Data Protection Impact Assessments and Privacy by Design
15. Keeping Data Subjects Informed
16. Data Subject Access
17. Rectification of Personal Data
18. Erasure of Personal Data
19. Restriction of Personal Data Processing
20. [Data Portability]
21. Objections to Personal Data Processing
22. [Automated Processing, Automated Decision-Making, and Profiling]
23. [Direct Marketing]
24. Personal Data Collected, Held, and Processed
25. Transferring Personal Data to a Country Outside the UK
26. Data Breach Notification
27. Implementation of Policy
This Short-Form Data Protection Policy is in open format.
Either enter the requisite details in the highlighted fields or adjust the
wording to suit your purposes.
Once you have purchased access to the appropriate document folder click on
the “Download Document” link below. You will be asked what you want to do
with the file. It is recommended that you save the document to a location
of your choice prior to viewing.