Profile information Account settings
Logout
Help Contact us
Sign up Log in
Help Contact us

MAKE YOUR FREE Data protection and data security policy

  • Make your document in minutes
  • Access from any device
  • Securely sign online
Make document

How to make a Data protection and data security policy

A data protection policy is a comprehensive internal document that sets out the policies and procedures a business will comply with when dealing with personal information and personal data.

Make sure you meet your legal obligation to notify staff about your use of their personal data as well as their use of client's personal data with this data protection policy. Proper data security rules will instil confidence in your clients and employees and help protect you from any mishandling of personal data. This data protection policy template outlines the responsible parties, the sorts of data covered, and the essential protection measures for the security of personal data.

This document is GDPR compliant.

Use this data protection and data security policy

  • to inform staff about your use of their personal data, as required by law
  • to educate staff about the principles they must adhere to in handling personal data
  • to help comply with your duty to protect the security of personal data, by informing staff of necessary measures

This data protection and data security policy covers

  • who is responsible for data protection and data security
  • what kinds of data are covered by the policy
  • the types of data collected by the employer about staff
  • the uses the employer makes of data concerning staff
  • transfer of data overseas
  • principles that must be adhered to in handling personal data
  • measures to protect the security of personal data
  • subject access requests

Having a data protection policy ensures that your business has a systematic approach to comply with any laws and regulations. It will help inform staff about their duties and makes it clear the procedures for collecting, storing and processing data.

This also gives employees the confidence that you are taking the necessary steps to protect them from any claims.

By creating and ensuring this practical document is made readily available for staff and customers to read, it will be incorporated into your business. It should be made clear to staff that they should refer to the policy, and be made clear where they can find the policy when they need data protection advice. 

You can also include it in your employee handbook for employees to read, provide staff with appropriate training on the implementation of the policy and attach it alongside any terms and conditions so customers can refer to it.

Ask a lawyer for:

  • changing an existing data protection policy that is contractually binding
  • advice on the use of covert monitoring in the workplace
  • issues where employer's use of employee data may infringe their right to privacy or relates to information about what they do outside work

This data protection and data security policy is governed by the law of England and Wales or the law of Scotland.

Other names for Data protection and data security policy

Data protection statement, Data protection agreement and Data protection policy.

We use cookies to provide the best experience