The General Data Protection Regulation (GDPR), which comes into force on 25th May 2018, has been keeping us really busy writing and updating data protection policies.
Companies have been reviewing their employee handbooks to ensure that their data protection policy is up to date, or in some cases plugging the gap where there wasn’t an existing policy.
A data protection policy needs to be tailored to each business’s circumstances, but broadly speaking the policy should cover:
- How data is defined
- What data you need to hold and why
- How you intend to process the data
- How long you intend to keep it
- How to deal with a breach, should one occur
The policy ensures that your employees understand how you use their personal information, and it also conveys how they should treat data security on behalf of your business. Not only does this show your respect for them, it also demonstrates to your clients, suppliers and other stakeholders that you are a professional organisation that takes data security seriously.