Data Protection Policies & Procedures
We can work with you to develop and document your data protection policies and procedures, or to review existing ones to ensure consistency with your GDPR and other data protection obligations. Typical areas covered include:
- Top-level Data Protection policy
- Data Protection incident handling procedure and log
- Data Subject Access Request handling procedure and log
- Standard Data Protection Impact Assessment template
- Records of data processing activities
- Standard procedure for engaging Data Processors
- Personal Data Retention and Destruction Policy, including Retention Periods matrix
- Procedures and standards for securing and encrypting Personal Data
- Direct Marketing policies, if applicable
Having your documented data protection policies & procedures, and suitable records of your actual implemenation is a key method to meet your GDPR Article 5(2) accountability obligation. It requires you to be able to demonstrate compliance with the GDPR principles.