Data Protection Policy in accordance with UK GDPR

The data protection policy is a documentation that summarises all regulatory data protection aspects in the company. It includes objectives, responsibilities and documentation obligations and is one of the most important strategy papers of a company.

A good data protection policy assists with meeting the accountability obligations of the United Kingdom General Data Protection Regulation (UK GDPR) as stipulated by the supervisory authorities. It also serves as the basis for contractual data protection audits, e.g. by the commissioning customer.

The template from activeMind.legal UK Ltd. helps you draft a data protection policy that provides optimal support for all parties involved in data processing in the company. At the same time, it outwardly shows the importance of and the company’s commitment to data protection.

Frequently asked questions

The UK GDPR includes the principle of accountability in Art. 5 (2). Accordingly, each responsible party or individual must be able to provide evidence of an overall policy for data protection compliance, which must also be regularly reviewed and, if necessary, further developed.

In other words, companies that process personal data must establish a procedure to regularly review, rate and evaluate the efficacy of the data protection and technical and organisational measures. For this purpose, a data protection policy is the optimal starting point.

A data protection policy should be well structured because it has to be understandable for both internal and external stakeholders.

It must also depict the individual conditions in a company. Therefore, templates or samples should always be customised for the specific case. However, a proper data protection policy should contain at least the following contents:

  • Data protection policy and responsibilities in the company
  • Legal framework in the company
  • Documentation
  • Existing technical and organisational measures
  • Organisational minimum regulations