Data protection policy
A standard policy for use by a business setting out the principles and legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of business-external personal data in the course of the operation and administration of the business, including customer, supplier and employee data.
Integrated drafting notes. This document has integrated drafting notes embedded within the text. Click on a heading to read the note. See the Actions box on the right for additional viewing options.
Note: UK data protection law will change on 25 May 2018, when the EU General Data Protection Regulation takes effect, replacing the Data Protection Act 1998. See EU General Data Protection Regulation toolkit for information on the new Regulation and Practical Law's updating policy.