The Top 12 Documents and Policies You Need to Think About Making GDPR Compliant Before May 25, 2018

January 10, 2018

Our GDPR experts have put together a list of documents and policies you need to be thinking about to be on your way to GDPR compliance before 25th May 2018. Get ahead of the game and find out below which may apply to you and your business. Below we explore what these documents and policies are and what, when and where you need to use them. This guidance note on documents is also included as part of the LawBite GDPR Documents Package, to help you on your way to data compliance.


1. Terms and Conditions of Website Use
The website terms of use are drafted for publication on a website. They contain provisions dealing with access to, and use of, the website including information about the website owner, rights to modify or withdraw the website, disclaimers for material published on it or linked to from it and rules about how such materials may be used.

2. Privacy Policy and Cookie Policy
This privacy policy is for use by a business in relation to the collection, storage and use of non-sensitive personal data on a website which collects such data for the purpose of supplying goods or services to users of the site, or for contacting users with direct marketing information.
This privacy policy also incorporates a cookie policy, which provides internet users with the necessary information about an online provider’s use of cookies, as required by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (SI 2011/1208).


3. Data Processing Agreement
You should also have a GDPR compliant data processing agreement. It covers the obligations that parties need to comply with when using third parties to process personal data.

4. Data Processing Clauses
This document contains clauses to be inserted into a third party supply agreement where the third party is processing personal data. The clauses contain the relevant obligations to comply with GDPR.

5. Data Retention Policy
A data retention policy establishes and describes how a company expects its employees to manage personal data. GDPR states that personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. This policy will help businesses identify and establish their own rules for how long data should be retained.

6. Data Protection Policy
This is a standard policy for use by a business setting out the principles and legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of personal data used in the course of the operation and administration of the business, including customer, supplier and employee data.

7. IT Security Policy
This is a standard policy for use by a business setting out the IT and data security principles that a business must comply with under GDPR. Businesses are required to put in place appropriate technical and organisational measures to prevent personal data being damaged, lost or stolen.

8. Consent to Data Processing
GDPR contains rules on how a business should obtain consent. This document contains a range of consents and guidance notes on how to use each consent form.

9. Clauses for Staff Agreements
These clauses for staff agreements have been updated to reflect GDPR, given the new rules on consent in an employment relationship. If you are issuing agreements to new members of staff or amending contracts for some other reason from 25th May 2018, these clauses can be used.

10. Employee Consent Form
GDPR rules on consent in an employment relationship mean that it would not normally be appropriate to request that an employee give their consent to their employer for their data to be processed. However, there may be limited and specific circumstances when this is required.

11. Privacy Notice to Staff
This privacy notice is for use by employers to advise employees, workers, contractors and other individuals who are employed or engaged by the business about the collection, storage and use of personal data by the employer. A privacy notice should be given to everyone whose data is collected and processed, including job applicants.

12. Memorandum to Board of Directors
The board of directors of a company needs to understand GDPR and has overall responsibility for the company’s compliance with GDPR. This memorandum highlights the key areas that the company needs to understand with regard to GDPR, so that the board understands the implications of failing to comply with GDPR.

– LawBite GDPR Team


To speak to one of our GDPR lawyers for free today, simply enter an enquiry for a free 15-minute consultation.
