The Data Protection Policy states the company’s commitment to comply with Data Protection regulations including the General Data Protection Regulation (GDPR). It details the measures it has implemented to ensure this compliance.

The policy template covers data protection measures such as: -

• The position of a Data Protection Officer (DPO)/ Representative
• The use of a Personal Data Register
• The conduct of Data Review and Retention
• The requirement for Consent where necessary
• The processing of Special Category / Sensitive Personal Data
• The implementation of Privacy by Design / Data Protection Impact Assessments (DPIA)
• The conduct of Data Processing / Transfer
• The conduct of International Transfer of Data
• The measures in place to ensure Data and Information Security
• The conduct of Subject Access Requests (SAR’s)
• The process by which Data Breaches are dealt with

The information classification label on this policy is [Business Use].