MAKE YOUR FREE Data protection and data security policy

  • Make your document in minutes
  • Access from any device
  • Securely sign online
Make document

Overview of the Data protection and data security policy

This document is GDPR compliant.

See to it that you satisfy your legal obligation to notify staff about your use of their personal data as well as their use of client's personal data with this data protection policy. Proper data security rules will instil confidence in your clients and employees and help protect you from any mishandling of personal data. This data protection policy template outlines the responsible parties, the sorts of data covered, and the essential protection measures for the security of personal data.

Use this data protection and data security policy

  • to inform staff about your use of their personal data, as required by law
  • to educate staff about the principles they must adhere to in handling personal data
  • to help comply with your duty to protect the security of personal data, by informing staff of necessary measures

This data protection and data security policy covers

  • who is responsible for data protection and data security
  • what kinds of data are covered by the policy
  • the types of data collected by the employer about staff
  • the uses the employer makes of data concerning staff
  • transfer of data overseas
  • principles that must be adhered to in handling personal data
  • measures to protect the security of personal data
  • subject access requests

A data protection policy is a comprehensive document that sets out the policies and procedures a business will comply with when dealing with information and data.

Having a data protection policy ensures that your business has a systematic approach to comply with any laws and regulations. It will help inform staff about their duties and makes it clear the procedures for collecting, storing and processing data.

By creating this practical document and making sure it is readily available for staff and customers to read, it will be incorporated into your business. It should be readily available to staff to refer to when they need data protection advice.

You can also include it in your employee handbook for employees to read and attach it alongside any terms and conditions so customers can refer to it.

Ask a lawyer for:

  • changing an existing data protection policy that is contractually binding
  • advice on the use of covert monitoring in the workplace
  • issues where employer's use of employee data may infringe their right to privacy or relates to information about what they do outside work

This data protection and data security policy is governed by the law of England and Wales or the law of Scotland.

Other names for Data protection and data security policy

Data protection statement, Data protection agreement and Data protection policy.