Data Security Policy

This Data Security Policy is designed for use by a wide range of organisations and addresses key data security measures that may help support compliance with the UK GDPR, the Data Protection Act 2018, and related internal governance requirements.

It is a supporting policy rather than a standalone data protection document. It is intended to sit alongside a fuller Data Protection Policy and, where relevant, other related policies such as a Data Retention Policy.

Use this policy to strengthen data security controls

Based on the IT Security Policy, this template goes further than electronic systems alone. It can also be used to cover hard copy records and other valuable information held by the business.

Its scope is deliberately flexible. It does not need to be limited to personal data and can also be used to govern the security and handling of confidential business information and other important data.

Not a Data Protection Policy

This is not a Data Protection Policy. It is a data security policy designed to support a data protection policy.

The Data Protection Policy template, also available in short-form, contains much more detailed material on the obligations imposed and rights conferred by data protection law.

What the policy covers

The policy addresses practical security issues across both technical and organisational settings, including:

• department and user responsibilities;
• software, anti-virus, and hardware security measures;
• organisational security, access controls, and storage security;
• data protection, deletion, and disposal;
• internet and email use;
• reporting security breaches, policy review, and implementation.

Where relevant, the policy also cross-refers to other related documents, including a Data Protection Policy and Data Retention Policy.

Data Security Policy is part of Business . Just £38.50 + VAT provides unlimited downloads from Business for 1 year.