Data Protection Policy
Our data protection policy template:
- Complies with the Data Protection Act 1998
- Expertly drafted by a UK lawyer
- Simple to edit and customise
- Money-back guarantee
How Does It Work?
1. Download
2. Edit
3. Print
4. Sign
Our Data Protection Policy template is suitable for any type of business with employees. It sets out how staff and management should deal with data protection in the workplace. It also includes a “Fair Processing Notice” regarding employee data, to notify staff of how you will hold and handle their personal data.
Under the General Data Protection Regulation (the GDPR), there are certain rules that every employer must observe regarding the security, protection, handling (or processing) and storage of personal data about their staff. Adopting this policy (and, of course, enforcing it in practice) is a good step towards complying with the employer’s legal responsibilities on data protection.
More guidance on the GDPR
This page is not intended to be a summary of the principles of data protection – for in-depth information, please have a look at the website of the Office of the Information Commissioner at www.ico.org.uk. In handling personal data you must comply with the GDPR and the “Principles of Data Protection” that it imposes. See the ICO website for more information on what this means in practice.
Using our Data Protection Policy template
Our templates are all carefully put together, to make your life easy. Completing your policy will only take a few minutes, using our straightforward guide, which leads you through each section and explains its purpose. If you have any queries when you use it, simply contact us by email or telephone: see our Contact Us section.
Other HR Handbook documentation
Legalo has a full range of expertly drafted policies for your HR Handbook, whether you are looking for individual policies or want to buy the complete set at a significant discount on the price of buying them individually. Have a look at our HR templates section for full details.
Clauses in this Data Protection Policy
The following gives you a good idea of what is covered by this template, as it is an excerpt from the guide that accompanies the template:
Policy outline – This section sets out the business’s commitment to compliance with the Data Protection Act 1998 regarding handling its employees’ personal data.
Principles of data protection – This section starts by listing the principles of data protection that are mandatory under the GDPR. (For an explanation on what they mean in practice see the ICO’s website.) It also includes definitions of “personal data”, “processing” and “sensitive personal data”, as per the definitions in the GDPR.
Fair processing notice – This section sets out the circumstances under which you will process employees’ personal data.
The use of your personal data – This section sets out the purposes for which personal data (and sensitive personal data) would be processed.
Limits on data processing – This section explains that personal data will only be processed as necessary and permitted.
Accurate data and recording – In this section, the employee is asked to assist in keeping their personal data that is held by the employer up-to-date.
Personal data recording and retention – This section explains that personal data will be deleted when no longer needed.
Your rights and data processing – This section explains the employee’s rights regarding their personal data.
Keeping personal data secure – This section explains the obligation on the employer to keep the personal data confidential and secure, e.g. against theft by hackers.
Third party provision – This section explains the circumstances under which the personal data might be shared with a third party, e.g. a government agency with the right to know.
Requesting a copy of your personal data – This section explains that an employee can ask for a copy of all personal data held on them at no cost.
Concerns – This final section advises that if the employee thinks their data (or someone else’s) has been mishandled, they should report it to the employer’s appointed Data Protection Officer. It also states that breaching this policy or the GDPR may lead to disciplinary action.