The Data Protection Act 1998 was replaced by the General Data Protection Regulations on 25 May 2018. GDPR applies to every business that collects, stores and uses personal data relating to customers, staff or other individuals. You should review any existing data protection systems, policies and procedures to take account of the new rules.
Why you need a data protection policy
Failing to follow data protection rules could lead to a substantial fine. Data protection policies will help you comply with the GDPR requirements by setting out clear procedures to be followed both by businesses and by data subjects.
A clear data protection policy makes sure everyone in your company understands why data protection is important. It also describes procedures for collecting, working with and storing data. This has been increasingly important as businesses have adopted more flexible working arrangements and staff are working remotely at least part of the week.
Implementing a data protection policy
Your data protection policy should be a practical document. Your staff should be able to understand it and refer to it when they need data protection advice.
It’s important to review your data protection policy regularly. Most companies do this about every two years. You should also review if your business changes how it operates or plans to start storing data in a new way.
It’s a good idea to require staff to read your data protection policy (and sign a document to that end) when you introduce it. It should also be part of your induction programme for new employees.
However, always remember that a policy alone is not enough to ensure your business keeps its data safe and operates within the law. Training, expert advice and clear lines of responsibility are other important considerations.
Sample data protection policy template
We've worked with Simply Docs to bring you unlimited access to hundreds of simple and easy-to-use templates and policies - including up-to-date data protection policies that can help you make sure you comply with GDPR.
Buying readymade templates is much quicker and cheaper than having to create your own from scratch. And they've been drafted, reviewed and updated to a high standard by the legal experts at Simply Docs.