02 – Template Content – EU GDPR

Table of Contents: An outline of suggested content within the template.


02.01 - Introduction

<<organisation name>> (including its subsidiaries hereinafter referred to as “<<organisation n...

02.02 - Purpose

The purpose of this policy is to ensure that <<organisation name>> processes personal data...

02.03 - Scope

By this policy, <<organisation name>> sets forth how it shall process and manage personal...

02.04 - Definition of Terms

Personal Data – A name, identification number, location data, and/or online identifier, including o...

02.05 - References

This policy references other policies that carry greater details and include: EU GDPR UK GDPR...

02.06 - Policy Statement & Applicability

The entire Management and Board of <<organisation name>>, located at Address, is committed...

02.07 - Data Protection Principles

All personal data collection, processing, retention, transfer, disclosure and destruction are conducted...

02.08 - Rights of the Data Subject

With regard to data processing and recording, data subjects have the right to: Be informed of the...

02.09 - Breach Management

<<organisation name>> will set up a process for managing and dealing with data breaches for...

02.10 - Children’s Services

<<organisation>> recognises that children need particular protection when <<organisation>>...

02.11 - Complaints Management

<<organisation name>> will set up a process for managing and dealing with data subject complaints...

02.12 - Data Protection Reviews & Audits

<<organisation name>> will set up a process for regularly testing, assessing and evaluating...

02.13 - Data Security

For security of personal data: All Employees/Staff are responsible for ensuring that any personal...

02.14 - Data Storage, Retention and Disposal

<<organisation name>> complies with GDPR/GDPR and other relevant local laws, standards and...

02.15 - Data Transfer

Transfers of personal data outside of the EU/UK are subject to the supervision of the supervisory authorities...

02.16 - Data Protection Impact Analysis

A Data Protection Risk Assessment is required to be completed when the processing of data is likely to...

02.17 - Notices & Consent

<<organisation name>> understands ‘consent’ to mean that it has been explicitly and freely giv...

02.18 - Roles and Responsibilities

Under the GDPR/GDPR, <<organisation name>> is a data controller and/or data processor. <<organisation...

02.19 - Records of Processing Activities

To increase accountability for businesses, GDPR Article 30 introduced new rules regarding how a company...

02.20 - Subject Access Request Management

<<organisation name>> will set up a process for managing and dealing with subject access...

02.21 - Third Party Services

Data protection policies covering third party services <<Refer to third party services policy>>...

02.22 - Training & Awareness Management

We are required to ensure all Company Personnel have undergone adequate training to enable them to comply...

02.23 - Supervisory Authorities

The EDPS is an independent supervisory authority responsible for ensuring that EU institutions and bodies...