Read the document to make sure it meets your needs. Remember that if you have any questions you can easily Ask a lawyer. Ask a lawyer.
Just having a policy doesn’t mean you’ve complied with your legal obligations. Make sure the employer only makes commitments in the policy that it can realistically meet. Make a plan for implementation of the data protection and data security policy.
Make the data protection and data security policy available to employees by, for example, including it in induction packs, providing it in hard copy, sending it out by email, putting it on notice boards or an intranet site, or other easily accessible company computer systems. The data protection and data security policy is not a contract and does not need to be signed or agreed to by the employee. You can ask employees sign to an acknowledgement to show that they received it, but it’s not legally required.
A copy of the data protection and data security policy will be stored under “My Documents” in your Rocket Lawyer account.
When the data protection and data security policy is amended, keep a copy of each version of it that has been in force, a record of when it was introduced and how and when each version was made available to employees.