This document has been updated for compatibility with the UK GDPR. It is ready for use from the start of 2021.
The COVID-19 pandemic has made homeworking essential for many businesses.
Consequently, a great deal of personal data that would previously have been
confined to business premises and systems will be accessed and processed at
home during the lockdown.
Data protection law in the UK, in particular the UK GDPR and Data Protection
Act 2018, and compliance with that law, is very important. Ensuring that
your staff have a good working knowledge and understanding in order to
support technical and organisational safeguards is essential.
This Data Protection Policy template for Home Working is based on our
general Data Protection Policy and includes additional provisions to make
it more suitable for home working. Under normal circumstances, the handling
of personal data by employees working from home would not be desirable, but
data protection compliance must adapt to the current situation.
This document template incorporates much detail from the UK GDPR itself in
order to raise awareness among your staff. It also sets out a range of
steps to be taken, designed to secure and protect personal data, as well as
to improve your compliance with the law.
Please note that this document is designed for business use only, and
certain provisions of the law relating to public authorities and other
official bodies have not been addressed.
Optional phrases / clauses are enclosed in square brackets. These should be
read carefully and selected so as to be compatible with one another. Unused
options should be removed from the document.
This document is also available in the Data Protection Policies subfolder,
the Flexible & Home Working group, and to Business folder subscribers
in our UK GDPR & Data Protection group.
This Data Protection Policy - Home Working contains the following sections:
4. The Data Protection Principles
5. The Rights of Data Subjects
6. Lawful, Fair, and Transparent Data Processing
8. Specified, Explicit, and Legitimate Purposes
9. Adequate, Relevant, and Limited Data Processing
10. Accuracy of Data and Keeping Data Up-to-Date
11. Data Retention
12. Secure Processing
13. Accountability and Record-Keeping
14. Data Protection Impact Assessments and Privacy by Design
15. Keeping Data Subjects Informed
16. Data Subject Access
17. Rectification of Personal Data
18. Erasure of Personal Data
19. Restriction of Personal Data Processing
20. [Data Portability]
21. Objections to Personal Data Processing
22. [Automated Processing, Automated Decision-Making, and Profiling]
23. [Direct Marketing]
24. Personal Data Collected, Held, and Processed
25. Data Security – Transferring Personal Data and Communications
26. Data Security – Storage
27. Data Security – Disposal
28. Data Security – Use of Personal Data
29. Data Security – IT Security
30. Organisational Measures
31. Transferring Personal Data to a Country Outside the UK
32. Data Breach Notification
33. Implementation of Policy
This Data Protection Policy - Home Working is in open format. Either enter
the requisite details in the highlighted fields or adjust the wording to
suit your purposes.
Once you have purchased access to the appropriate document folder click on
the “Download Document” link below. You will be asked what you want to do
with the file. It is recommended that you save the document to a location
of your choice prior to viewing.