The EU General Data Protection Regulation (GDPR) is now enshrined within UK law in the Data Protection Act 2018. The UK Government has already formally confirmed that regardless of “Brexit” it will be fully compliant with the GDPR. This places a significant compliance obligation on all UK public, private and voluntary sector organisations that collect or store personal data.

JALARO can support clients by drafting GDPR compliant policies and procedures. Currently the most common requests from clients are for:

  • A Privacy Notice that incorporates your Privacy Notice and Cookie Notice, addresses your GDPR requirements and is tailored to your organisation and your customer/clients’ requirements
  • A Privacy Policy, to replace your existing data protection policy, which is GDPR compliant and is specifically tailored to your organisation’s requirements
  • A “weeding policy” to ensure that personal data is only held for as long as is legally required
  • An incident reporting policy for any internal issue to be escalated to senior management and reported to the Information Commissioner’s Office (ICO) if a data breach occurs
  • An acceptable use policy (AUP) which sets out what staff can or cannot do on your organisation’s IT systems
  • A mobile device and removable media policy for staff who are working remotely or “off site”
  • Workflow procedures for staff, to ensure that personal data is accessed, transferred, used and stored in a GDPR compliant manner
  • A data subject access request policy that meets the new and more demanding GDPR time constraints of 1 month

However, this is by no means an exhaustive list and other related policies or procedures can be researched and prepared for your specific organisational requirement.