Is your Data Protection Policy fit for purpose?

Written by Leah Waller

Senior Consultant Solicitor

Your Data Protection Policy is your underlying internal policy that outlines your Company’s procedures for Data Protection, in accordance with The Data Protection Act 2018.

A good Data Protection Policy will deal with all aspects of obtaining, handling, processing, transporting and storing Personal Data in the course of your business operations and activities, including customer, supplier and employee data.

This Policy can be included within your Staff Handbook and can be used for any staff training and inductions as it will be applicable to all employees, workers, contractors, agency workers, consultants, directors, casual workers and members of your business.

So, what should your Data Protection Policy include?

A Data Protection Policy should include sections on:

  • Why the Policy is required and what it covers;
  • The Personal Data protection principles;
  • Lawfulness, Fairness & Transparency of the processing of Personal Data;
  • Consent to processing of Personal Data;
  • The Purpose of collection of Personal Data;
  • Accuracy of Personal Data;
  • Storage of Personal Data;
  • Security, Integrity and Confidentiality of Personal Data;
  • Reporting Data Breaches;
  • Transfer of Personal Data;
  • Data Subject’s Rights;
  • Data Subject Access Requests;
  • Accountability & Record Keeping;
  • Sharing of Personal Data;
  • Penalties & Fines.

Greystone Solicitors offer a FREE initial consultation and are more than happy to help.

Call us on 01582 343453 or email us at Info@GreystoneSolicitors.co.uk