Table of Contents: An outline of suggested content within the template.
02.01 - Introduction
<<organisation name>> (including its subsidiaries hereinafter referred to as “<<organisation n...
02.02 - Purpose
The purpose of this policy is to ensure that <<organisation name>> processes personal data...
02.03 - Scope
By this policy, <<organisation name>> sets forth how it shall process and manage personal...
02.04 - Definition of Terms
Personal Data – A name, identification number, location data, and/or online identifier, including o...
02.05 - References
This policy references other policies that carry greater detail, including:
EU GDPR
UK GDPR...
02.06 - Policy Statement & Applicability
The entire Management and Board of <<organisation name>>, located at Address, is committed...
02.07 - Data Protection Principles
All personal data collection, processing, retention, transfer, disclosure and destruction are conducted...
02.08 - Rights of the Data Subject
With regard to data processing and recording, data subjects have the right to:
Be informed of the...
02.09 - Breach Management
<<organisation name>> will set up a process for managing and dealing with data breaches for...
02.10 - Children’s Services
<<organisation>> recognises that children need particular protection when <<organisation>>...
02.11 - Complaints Management
<<organisation name>> will set up a process for managing and dealing with data subject complaints...
02.12 - Data Protection Reviews & Audits
<<organisation name>> will set up a process for regularly testing, assessing and evaluating...
02.13 - Data Security
For the security of personal data:
All Employees/Staff are responsible for ensuring that any personal...
02.14 - Data Storage, Retention and Disposal
<<organisation name>> complies with GDPR/GDPR and other relevant local laws, standards and...
02.15 - Data Transfer
Transfers of personal data outside of the EU/UK are subject to the supervision of the supervisory authorities...
02.16 - Data Protection Impact Analysis
A Data Protection Risk Assessment is required to be completed when the processing of data is likely to...
02.17 - Notices & Consent
<<organisation name>> understands ‘consent’ to mean that it has been explicitly and freely giv...
02.18 - Roles and Responsibilities
Under the GDPR/GDPR, <<organisation name>> is a data controller and/or data processor.
<<organisation...
02.19 - Records of Processing Activities
To increase accountability for businesses, GDPR Article 30 introduced new rules regarding how a company...
02.20 - Subject Access Request Management
<<organisation name>> will set up a process for managing and dealing with subject access...
02.21 - Third Party Services
Data protection policies covering third party services
<<Refer to third party services policy>>...
02.22 - Training & Awareness Management
We are required to ensure all Company Personnel have undergone adequate training to enable them to comply...
02.23 - Supervisory Authorities
The EDPS is an independent supervisory authority responsible for ensuring that EU institutions and bodies...