Data Protection Policies

What is a data protection policy?

A data protection policy (DPP) sets out an organisation’s protocol for collection and management of personal data. A breach of the data protection rules can result in a fine of up to £500,000 so it is vital that everyone handling data is aware of the law and follows the correct procedures.

Who needs a data protection policy?

All UK businesses must comply with the requirements of the Data Protection Act 1998. This requires a data protection or privacy policy to be available to view on any website they may have.

Why have a data protection policy?

A clear DPP sets out for staff members exactly what is required of them when it comes to the collection of personal data. It should specify who is responsible for any data held and make it easy for employees to comply with the law. It is good practice to provide a copy of the DPP to each staff member.

what should a data protection policy contain?

A DPP should contain procedures for the collection, safe storage, use and deletion of personal data. For example data should never be shared with a third party, should be made available if requested by the individual concerned and should be deleted at the point it is no longer of use for the original purpose.

Need help from an expert data protection lawyer?​

Submit your enquiry to Lexoo and get quotes from expert data protection lawyers who can help draft your agreement or help with any related issues.