Read the Data Protection and Data Security Policy carefully to make sure it meets your needs. Make sure that your Policy only makes commitments that you can realistically meet.
Remember that if you have any questions you can easily Ask a lawyer.
Data protection and data security policy legal checklist
Make it Legal™ Checklist
Here are a few important steps to take to finish your document
This document is a Policy and not a contract. As a result, it does not need to be signed or agreed to by your staff members. While you can ask your staff to sign an acknowledgement to show that they received the Policy, this is not legally required.
Remember that simply having a Data Protection and Data Security Policy in place doesn’t mean you’ve complied with your legal obligations. You need to ensure that the steps set out in your Policy are followed. It is therefore crucial that you make a plan for the implementation of the Data Protection and Data Security Policy.
Make your Data Protection and Data Security Policy available to your staff. For example by:
-
including it in induction packs
-
providing it in hard copy
-
distributing it by email
-
putting it on notice boards, an intranet site or other easily accessible business computer systems
A copy of your Data Protection and Data Security Policy will be stored automatically in your Rocket Lawyer account ‘Dashboard’.
You should also download and securely store a copy of your Policy for your records. If you later amend your Data Protection and Data Security Policy, you should:
-
store your new copy
-
keep a dated copy of each version of your Policy that has previously been in force
-
keep a record of when it was introduced and how
-
keep a record of when each version was made available to staff
