Updated GDPR Data Protection Policy
If your business handles any kind of personal data (and the chances are, it does), you will need to comply with UK data protection law. At present, the bulk of that law is represented by the GDPR. While this may change in name if the dreaded ‘no-deal’ Brexit scenario becomes a reality, in practice, many of the core requirements will stay the same.
Personal data is defined as ‘any information relating to an identified or identifiable natural person (a ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.’ In short, what this translates to, is that if you hold any data that identifies a person (even by seemingly more indirect means) you are holding personal data.
Updated Data Protection Policy Template
Back in May 2017 we published our first GDPR Data Protection Policy template and have made various amendments since. Now, with the one-year anniversary of the GDPR’s coming into effect fast approaching, we have reviewed the document once again and have made a number of useful improvements to it.
New definitions have been added at the start of the policy to make it easier for readers to understand some of the key terms and to ensure that they are interpreted in line with the GDPR. A number of provisions have also been added and enhanced, addressing areas such as consent, accountability, privacy by design, automated processing, and direct marketing.
This update marks the beginning of a review that will span our entire portfolio of GDPR and data protection documents, building on best practice and guidance that have emerged since the GDPR came into effect last May. We will also be keeping a close eye on Brexit and will, if it becomes necessary, publish amended documents in time to handle a no-deal exit from the EU.
The contents of this Newsletter are for reference purposes only and do not constitute legal advice. Independent legal advice should be sought in relation to any specific legal matter.