This document has been updated for compatibility with the UK GDPR. It is ready for use from the start of 2021.
This template Data Protection Policy sets out the rights of data subjects and the obligations of a business as a data controller under the UK's data protection legislation (including the UK GDPR and the Data Protection Act 2018), together with a number of organisational and procedural measures to help ensure compliance.
This Data Protection Policy is highly detailed, aiming to reproduce key
parts of the UK GDPR in order to assist in the UK GDPR compliance and learning process
throughout your business. Nevertheless, please note that training remains
essential and that all personnel handling personal data within your
business should be fully aware of the UK GDPR and its principles, as well as
the procedures in place within your business.
This document is designed for business use only, and certain provisions of
the UK GDPR relating to public authorities and other official bodies have not
been fully incorporated.
Optional phrases / clauses are enclosed in square brackets. These should be
read carefully and selected so as to be compatible with one another. Unused
options should be removed from the document.
This document is also available in the UK GDPR & Data Protection group.
This Data Protection Policy contains the following provisions:
4. The Data Protection Principles
5. The Rights of Data Subjects
6. Lawful, Fair, and Transparent Data Processing
8. Specified, Explicit, and Legitimate Purposes
9. Adequate, Relevant, and Limited Data Processing
10. Accuracy of Data and Keeping Data Up-to-Date
11. Data Retention
12. Secure Processing
13. Accountability and Record-Keeping
14. Data Protection Impact Assessments and Privacy by Design
15. Keeping Data Subjects Informed
16. Data Subject Access
17. Rectification of Personal Data
18. Erasure of Personal Data
19. Restriction of Personal Data Processing
20. [Data Portability]
21. Objections to Data Processing
22. [Automated Processing, Automated Decision-Making, and Profiling]
23. [Direct Marketing]
24. Personal Data Collected, Held, and Processed
25. Data Security - Transferring Personal Data and Communications
26. Data Security - Storage
27. Data Security - Disposal
28. Data Security - Use of Personal Data
29. Data Security - IT Security
30. Organisational Measures
31. Transferring Personal Data to a Country Outside the UK
32. Data Breach Notification
33. Implementation of Policy