Data Protection Policy UK template
Our sample data protection policy template will help your business create a clear data protection policy and meet its obligations under UK data protection law. It is free to download and you can customise specified sections to suit your own business needs
If you would like to include this on your own website, you must credit the IT Donut and link back to this original page.
Why you need a data protection policy
Failing to follow the rules could mean a fine of up to £500, 000.
A clear data protection policy makes sure everyone in your company understands why data protection is important. It also describes procedures for collecting, working with and storing data.
Our sample data protection policy template is designed to help you create a data protection policy that works for your business.
As every company is different, it’s important to consider how you work with data and write a policy to suit your circumstances.
You can use our sample data protection policy template as a starting point and add, remove or change information as required.
Data protection is an important issue for every business, so it’s a good idea to seek professional advice before putting your policy into action. Using a sample data protection policy template may allow you to reduce your costs, because you won’t need to ask your lawyer to create a policy from scratch.
You can download our sample data protection policy template now. It’s a Word file, so most computers should be able to open it automatically.
(Microsoft Word, 58KB)
Data protection policy template structure
The Data Protection Act is founded on eight principles of data protection. These say that data must:
- Be processed fairly and lawfully
- Be obtained only for specific, lawful purposes
- Be adequate, relevant and not excessive
- Be accurate and kept up to date
- Not be held for any longer than necessary
- Processed in accordance with the rights of data subjects
- Be protected in appropriate ways
- Not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection
Our sample data protection policy template is organised along similar lines, addressing each of these principles to explain:
- To what types of data the policy applies.
- Who in the business is responsible for data protection.
- The main data risks faced by the company.
- Key precautions to keep data protected.
- How data should be stored and backed up.
- How the company ensures data is kept accurate.
- What to do if an individual asks to see their data.
- Under what circumstances the business discloses data, and to whom.
- How the company keeps individuals informed about data it holds.
You might also like
Dont rely on Uncle Sams help for retirementby RetirementWarning
Twenty years ago, retirement was a time to look forward to and savor. But, today, we live in uncertain times. So, for most working adults, retirement has become very complexrequiring years of planning, a well-thought-out strategy, and a phase to be put off as much as possible.
Were living more years in retirement.
Why? Company-sponsored pensions have all but become extinct. Thanks to medical advances and healthier lifestyles, people are living longer. In the early 20th century, life expectancy was 47.3 years vs. todays life span of nearly 79 years.1 According to data from the Social Security Administration, a man who lives to 65 will live on average to age 84, while women of the same age should live to age 86
Scores of blunders sees Norfolk councils breach data laws over confidential .. — Norfolk Eastern Daily Press
Information Commissioner Christopher Graham has previously called for councils to take their responsibilities for protecting personal data more seriously. He said in 2012: “There is clearly an underlying problem with data protection in local government.”.