This data protection policy is a guide to the management of data protection issues in the workplace.
Organisations will normally hold a large amount of personal data that relates to their employees. That data must be stored, controlled, used and disposed of in compliance with the Data Protection Act 1998.
All organisations that hold personal data must do so in accordance with the eight principles of data protection, which provide that personal information must be:
- fairly and lawfully processed
- processed for limited purposes
- adequate, relevant and not excessive
- accurate and up to date
- not kept for longer than is necessary
- processed in line with data subjects' rights
- not transferred to other countries without adequate protection
In addition to these provisions, the processing of personal data means that most organisations must notify the Information Commissioner of their data processing purposes. This can be done online, via www.ico.gov.uk.
This data protection policy template is 5 pages long including the cover sheet, and comes in Word (.doc) format.
Click on the link below to view the first few pages of the data protection policy:
SAMPLE DATA PROTECTION POLICY