new Data Protection Policy template

Home Page Forums Forum new Data Protection Policy template


This topic contains 1 reply, has 2 voices, and was last updated by

4 months, 4 weeks ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
  • #1019


    does anyone know if there’s a new Data Protection Policy template available for GDPR?

    I’m not sure which parts of our existing DP Act 1998 policy I need to update. Any advice/ links gratefully received.
    Jayne @ Southwark Works



    Hi Jayne,

    Thank you for your question and for using the forum. This is an excellent question and actually quite difficult.

    There are lots of links to templates on Google however depending on which one you go to some expect you to pay (i.e IT Governance produce a full toolkit but comes at a cost), it also depends on what their existing Policy document contains and whether it is an update or a rewrite and indeed the expertise of who is leading it.

    Our advice is that we would expect some of the following to be included within a policy addressing GDPR.




    Data Protection by Design

    Compliance Monitoring

    The assignment of responsibilities. 

    Raising awareness. 

    Training of Employees. 

    Data Subject Rights. 

    Personal Data Transfers. 

    Personal Data Incident Management. 

    Personal Data Complaints Handling. 

    Data Protection Principles

    Principle 1: Lawfulness, Fairness and Transparency

    Principle 2: Purpose Limitation

    Principle 3: Data Minimisation

    Principle 4: Accuracy

    Principle 5: Storage Limitation

    Principle 6: Integrity & Confidentiality

    Principle 7: Accountability A.5(2) The Data Controller shall be responsible for, and be able to demonstrate compliance.

    Data Collection

    Data Sources

    Data Subject Consent

    Data Subject Notification

    Privacy Notices

    Data Use

    Data Processing

    Special Categories of Data

    Children’s Data

    Data Quality

    Profiling & Automated Decision-Making

    Digital Marketing

    Data Retention

    Data Protection – Security of Processing

    Data Subject Requests

    The right of the Data subject to:

    Object to Processing of their Personal Data. 

    Lodge a complaint with the Data Protection Authority. 

    Request rectification or erasure of their Personal Data. 

    Request restriction of Processing of their Personal Data. 

    Data Protection Training

    Data Transfers

    Transfers to Third Parties

    Complaints Handling

    Breach Reporting

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.