This comprehensive policy outlines the organisation’s legal obligations under the Data Protection Act 2018 and the EU General Data Protection Regulation (‘GDPR’) in respect of data privacy and security.
In plain English, this policy explains data protection principles, how personal data is defined, how personal data is processed, when, if ever, personal data is shared and how employees should process company data.
Includes sections on how to deal with data breaches and subject access requests.