Data protection has increasingly played an important part in all businesses. On 25 May 2018, as a result of the GDPR effectively coming into force, it became even more fundamental.
This is a template for an Employee Data Protection Policy. It sets out the obligations of an employer and the rights of data subjects in the company’s capacity under the GDPR as a data controller. It also sets out several procedural and organisational measures to make sure compliance is applying to its fullest extent.
You can also Protect your organization and mitigate high risk projects by conducting a DPIA
This template has just passed through a review. The updation took place comprehensively. As of now, it includes many new provisions in full detail, including more detailed guidance on how to obtain extra assistance, key definitions for technical terms, more specific provisions on which ways and which employees’ personal data will be used, and new parts on important aspects such as consent.
This policy’s provisions are very detailed. They are aiming to be faithful to key parts of the GDPR. This, in turn, will assist you in the GDPR learning process in all parts of your company. However, please note that training still remains vital. Also, all personnel handling personal data inside your company should be completely aware of the GDPR, its principles, and its procedure.
The language used within this Employee Data Protection Policy limits its applicability and context to personal data relating to your employees. Should you need a more general data protection policy. For example, for customer data, please check our GDPR Data Protection Policy.
This document is solely only for business use. Certain GDPR provisions that relate to official bodies such as public authorities and others have not been incorporated fully.
This document can also be found under IT and Data Policies in the IT Software Group, as well as in the Employment document folder.
All Law Staff employees have a legal and professional responsibility to ensure