This Compliant Data Security Policy has been designed for use by a range
of organisations, addressing key data security considerations that may
assist in compliance with the UK's data protection legislation (including the UK GDPR and the Data Protection Act 2018).
This document has been updated for compatibility with the UK GDPR and is ready for use from the start of 2021.
Please Note: This is not a Data Protection Policy. It is a
data security policy designed to support a data protection policy. Our Data
Protection Policy template contains a much higher level of detail that is
specific to the obligations imposed and rights bestowed by data protection
Based on our IT Security Policy, this document extends beyond IT systems
and data that is stored electronically to cover a wider range of data,
including that stored in hardcopy form. The exact scope of the policy is
left for you to define. It does not need to be limited to personal data and
can be used to govern the use and security of confidential business
information and other valuable data.
Key issues including internet security, software updates, access
privileges, and physical security are addressed. Where appropriate, this
Data Security Policy cross-refers to other policies including a Data
Protection Policy and Data Retention Policy (templates for both are
available here in our UK GDPR & Data Protection group).
Optional phrases / clauses are enclosed in square brackets. These should be
read carefully and selected so as to be compatible with one another. Unused
options should be removed from the document.
This Data Security Policy contains the following clauses:
2. Key Principles
3. Department Responsibilities
4. Users’ Responsibilities
5. Software Security Measures
6. Anti-Virus Security Measures
7. Hardware Security Measures
8. Organisational Security Measures
9. Access Security
10. Data Storage Security
11. Data Protection
12. Deletion and Disposal of Data
13. Internet and Email Use
14. Reporting Security Breaches
15. Policy Review
16. Implementation of Policy
This Data Security Policy is in open format. Either enter the requisite
details in the highlighted fields or adjust the wording to suit your
Once you have purchased access to the appropriate document folder click on
the “Download Document” link below. You will be asked what you want to do
with the file. It is recommended that you save the document to a location
of your choice prior to viewing.