Dashboard
Dashboard Make a document Ask a lawyer Get guidance Home
Account
Profile information Account settings
Logout
Help
Help Contact us
Explore
Make documents Ask a lawyer Get guidance About us
Account
Sign up Log in
Help
Help Contact us
Make documents
Easily make legal documents
See all documents
Popular business documents
Popular employment documents
Popular property documents
Popular family documents
Terms and conditions Privacy policy Non disclosure agreement Shareholders' agreement
Employment contract Health and safety policy Settlement agreement Consultancy agreement
Tenancy agreement Lodger agreement Eviction notice Declaration of trust
Affidavit Prenuptial agreement Last will and testament Power of attorney
Ask a lawyer
Get quick legal advice from a lawyer
Ask your question
Popular legal topics
Bespoke legal drafting Start a business Startup legal help Run an online business
Hire employees Manage employees Discipline employees Dismiss employees
Rent residential property Rent commercial property Manage rented property Tenant eviction service
Get divorced Apply for probate IR35 status determination advice Settlement agreement advice
Get guidance
Get reliable legal guidance
Read legal guides
Popular business guides
Popular employment guides
Popular property guides
Popular family guides
Make terms and conditions Run a private limited company Types of shares Ending a contract
Overpayment of wages Notice periods Summary dismissal Implied employment terms
Declaration of trusts Legal interests in property Section 21 notices Security of tenure
Affidavits Executing a will Changing your name Getting married
About us
Learn more about Rocket Lawyer
Contact us
Get more information
Pricing
Help
About us
Careers

MAKE YOUR FREE Data protection and data security policy

  • Make your document in minutes
  • Access from any device
  • Securely sign online
Make document
Data protection and data security policy

How to make a Data protection and data security policy

A data protection policy is a comprehensive internal document that sets out the policies and procedures a business will comply with when dealing with personal information and personal data.

Make sure you meet your legal obligation to notify staff about your use of their personal data as well as their use of clients' personal data with this data protection policy. Proper data security rules will instil confidence in your clients and employees and help protect you from any mishandling of personal data. This data protection policy template outlines the responsible parties, the sorts of data covered, and the essential protection measures for the security of personal data.

This document is GDPR compliant.

Use this data protection and data security policy:

  • to inform staff about your use of their personal data, as required by the law
  • to educate staff about the principles they must adhere to in handling personal data
  • to help comply with your duty to protect the security of personal data, by informing staff of necessary measures

This data protection and data security policy covers:

  • who is responsible for data protection and data security
  • what kinds of data are covered by the policy
  • the types of data collected by the employer about staff
  • the uses the employer makes of data concerning staff
  • transfer of data overseas
  • principles that must be adhered to in handling personal data
  • measures to protect the security of personal data
  • subject access requests

Having a data protection policy ensures that your business has a systematic approach to comply with any laws and regulations. It will help inform staff about their duties and makes it clear the procedures for collecting, storing and processing data.

This also gives employees the confidence that you are taking the necessary steps to protect them from any claims.

By creating and ensuring this practical document is made readily available for staff and customers to read, it will be incorporated into your business. It should be made clear to staff that they should refer to the policy, and be made clear where they can find the policy when they need data protection advice. 

You can also include it in your employee handbook for employees to read, provide staff with appropriate training on the implementation of the policy and attach it alongside any terms and conditions so customers can refer to it.

Ask a lawyer for:

  • changing an existing data protection policy that is contractually binding
  • advice on the use of covert monitoring in the workplace
  • issues where employer's use of employee data may infringe their right to privacy or relates to information about what they do outside work

This data protection and data security policy is governed by the law of England and Wales or the law of Scotland.

Other names for Data protection and data security policy

Data protection statement, Data protection agreement, Data protection policy.

Follow us

We use cookies to provide the best experience