Who can use this Data Protection Policy?
If you have a business that has a website from which sales can be made and/or on which personal data can be collected, you need a Data Protection Policy.
What is a Data Protection Policy for?
It covers the main GDPR issues that a small business is likely to encounter and how they will ensure compliance with the basic requirements of the UK’s Data Protection Act.
Any business or organisation that is a data controller – i.e. one that collects personal data for processing – must implement appropriate technical and organisational measures. This is because it needs to to ensure it can demonstrate that processing is performed in compliance with the regulations. And, when proportionate, this includes implementing appropriate data protection policies.
As well as a Data Protection Policy, which is primarily an internal document, you will need to display a Privacy Notice (also called a Privacy Policy) on your website. You can find one here
What details does a Data Protection Policy contain?
The Data Protection Policy will cover
- the categories of personal data you collect and why – the types of people from whom you collect it (employees, customers, etc.,) and the type of data in each category
- Location and Security of data – where you keep it, how you secure it (encryption, password protection etc.)
- Third party processors who you use and the basis of your agreement with each of them
- How long you keep personal data and the reasons
- Destruction & Disposal of personal data – how this will be handled to ensure there are no problems
- The rights of individuals to access, rectify and remove their personal data
- How you will deal with subject access requests
- Data Breaches – duties and actions if you suffer a data breach
- Training
- Reviewing the data policy – this is needed periodically
For more information on each of these sections, see our Explanatory Notes which you will receive when you buy and download the document from our website.
And if you want to use the Notes, let us know by using our contact form
When I download the document, can I change it and/or use it more than once?
Yes, all ContractStore’s templates are in MS Word and you can use the contract on more than one project. For more information, watch the video on this page of our website or see our FAQs
Legal support
ContractStore supplies templates and is not a law firm. But all our templates are written by experienced lawyers so we can arrange legal assistance for customers who need special terms in one of our documents or a bespoke template. . For more information see our Legal Services page.
If you have any questions about a contract and/or want to see the Explanatory Notes before you buy, please let us know by using our contact form
You may also find these contracts of use:
Contract Between Data Controller and Data Processor GDPR (A250)
£29.50 Plus VATWho can use this Data Processor Appointment? This Data Processor Agreement is for use by a company or organisation that wants to appoint an outsider as data processor. What is this contract for? This data…
Privacy Notice Template (A217)
£8.50 Plus VATThis Privacy Notice template - previously known as a Privacy Policy - is for use on a website where the website owner collects data on visitors or customers. It meets the basic requirements of the…