UK data protection law is not to be messed with. The Data Protection Act 1998 applies to every business that collects, stores and uses personal data relating to customers, staff or other individuals.
Failing to follow the rules could mean a fine of up to £500,000.
A clear data protection policy makes sure everyone in your company understands why data protection is important. It also describes procedures for collecting, working with and storing data.
Our sample data protection policy template is designed to help you create a data protection policy that works for your business.
As every company is different, it’s important to consider how you work with data and write a policy to suit your circumstances.
You can use our sample data protection policy template as a starting point and add, remove or change information as required.
Data protection is an important issue for every business, so it’s a good idea to seek professional advice before putting your policy into action. Using a sample data protection policy template may allow you to reduce your costs, because you won’t need to ask your lawyer to create a policy from scratch.
You can download our sample data protection policy template now. It’s a Word file, so most computers should be able to open it automatically.
(Microsoft Word, 58KB)
The Data Protection Act is founded on eight principles of data protection. These say that data must:
Our sample data protection policy template is organised along similar lines, addressing each of these principles to explain:
Your data protection policy should be a practical document. Your staff should be able to understand it and refer to it when they need data protection advice.
It’s important to review your data protection policy regularly. Most companies do this about every two years. You should also review if your business changes how it operates or plans to start storing data in a new way.
It’s a good idea to require staff to read your data protection policy (and sign a document to that end) when you introduce it. It should also be part of your induction programme for new employees.
However, always remember that a policy alone is not enough to ensure your business keeps its data safe and operates within the law. Training, expert advice and clear lines of responsibility are other important considerations.