Digital Data Protection Policy Template

Digital Data Protection Policy


Data protection plays a key role in today’s business world and perhaps most crucially, online. The Data Protection Act 1998 lays down a number of important principles which govern how personal data is collected, held and processed by organisations. Whilst many businesses comply without realising it, it is all too easy to fail to comply with the requirements of the Data Protection Act in the absence of a fixed Data Protection Policy.

This Digital Data Protection Policy clearly sets out the obligations of a business as a data controller and lays down a number of organisational and procedural measures to ensure compliance with the Act, applying not only to the business itself, but also to all employees, contractors, agents and any other third parties working on the business’s behalf. The rights and procedures for data subjects are also detailed in this document. While very similar in most respects to the standard Data Protection Policy from Simply-Docs, additional points are included in this version with added relevance for those businesses operating online.

This template has now been updated with more detailed content, focusing in particular on the obligations of the data controller, and a significant number of new measures designed to protect data have been incorporated. Furthermore, a higher level of detail is provided on the rights of data subjects, and on the conditions for processing personal data. Whereas the previous version required more frequent reference to the Data Protection Act itself, the policy document now contains much of the relevant information in full.

The provisions of this policy are designed to apply to personal data relating primarily to parties outside of the organisation such as customers. An alternative data protection policy is available which governs personal data relating to employees.

This template is duplicated in the Website Privacy Policies sub-folder.

Optional phrases / clauses are enclosed in square brackets. These should be read carefully and selected so as to be compatible with one another. Unused options should be removed from the document.

This Digital Data Protection Policy contains the following sections:

1. Introduction
2. The Data Protection Principles
3. Rights of Data Subjects
4. Personal Data
5. Processing Personal Data
6. Data Protection Procedures
7. Organisational Measures
8. Access by Data Subjects
9. Notification to the Information Commissioner’s Office
10. Implementation of Policy


This document is in open format. Either enter the requisite details in the highlighted fields or adjust the wording to suit your purposes.