Select Page
Atkins Dellow > Introduction to Data Protection Policy

16 January 2024 | HR & Employment

Introduction to Data Protection Policy

SHARE

As a matter of law employers must give employees employment contracts which cover the key terms of the employment relationship.  As a matter of good practice, and often a resource that can save a dispute from arising or provide the best framework for resolving a dispute, are the non-contractual policies and procedures that can be included in a staff handbook. This can sit alongside contracts of employment to set out how employees are expected to act and how the employer will deal with certain situations.

Data Protection Policy

In 2018, the UK brought into force laws to implement the EU’s General Data Protection Regulation (“GDPR”). GDPR replaced the UK’s existing data protection framework, and it comprehensively regulates the processing of personal data.  Even though GDPR originated from the EU, it still applies post-Brexit.

Virtually all businesses collect, process and store personal data about their employees, customers and suppliers, so it’s a good idea for them to have a Data Protection Policy.  This will help them comply with the UK data protection laws by setting out the principles and legal conditions that the business must satisfy when obtaining, handling, processing, transporting or storing personal data during its operations and activities.  On top of setting out how the business will process data; the policy should also make employees aware of their data protection obligations and explain the rights of individuals whose personal data is processed by the business.  Businesses can incorporate this policy into an employee handbook, or they can use it as a stand-alone document.  But whatever they do they should ensure that they make their employees aware of its existence and requirements.

We’ve prepared a draft Data Protection Policy to get you started.  You can download it by clicking here.  This policy deals with how a business should meet its data protection obligations under GDPR.   It doesn’t cover detailed data security provisions so you should have a separate Data Security Policy, which covers data security.  You’ll also need a Privacy Notice, which you can give to employees to transparently demonstrate how you’re going to use their personal data

This article and the policy are provided for general information purposes only and you should take specialist advice in relation to specific circumstances. Whilst we endeavour to ensure that what we say is correct, no warranty, express or implied, is given as to its accuracy, and Atkins Dellow LLP does not accept any liability for error or omission.

Need Legal Advice?
Call 0330 912 8338 for a no-obligation chat with one our experts today.

Where to find us

Related Expertise

Please note this article is provided for general information purposes only to clients and friends of Atkins Dellow LLP. It is not intended to impart legal advice on any matter. Specialist advice should be taken in relation to specific circumstances. Whilst we endeavour to ensure that the information in this article is correct, no warranty, express or implied, is given as to its accuracy, and Atkins Dellow LLP does not accept any liability for error or omission.

© Atkins Dellow LLP 2024

More Insights

Menopause Policies in Employment Law

Menopause Policies in Employment Law

Introduction to Menopause Policy As a matter of law employers must give their employees a written document which covers the key terms of the employment relationship. On top of this, it’s good practice for employers to have a staff handbook which includes the...

read more

We’re here to help