Data Protection Policy – UK GDPR

UK GDPR Data Protection policy template for use by recruitment agencies.  As a business that collects, uses and stores personal data, you are obliged to comply with the UK General Data Protection Regulation and Data Protection Act 2018.

The data protection policy template relates to how you comply with the UK's GDPR legislation internally (i.e. instructions and obligations for your internal staff) and covers:

  • A policy statement
  • Interpretation UK and definitions
  • Scope of the policy
  • Personal data protection principles
  • UK GDPR requirements around lawfulness and fairness
  • UK GDPR requirements around consent
  • UK GDPR requirements around transparency
  • UK GDPR requirements around purpose limitation
  • UK GDPR requirements around data minimisation
  • UK GDPR requirements around accuracy
  • UK GDPR requirements around storage limitation, data retention and disposal of records (including the length of time different types of documentation will be retained)
  • Security, integrity and confidentiality (including protection of personal data, reporting personal data breaches and transfer limitation)
  • Data subject's rights and requests
  • Accountability
  • Record keeping
  • Training & audit
  • Privacy by design & Data Protection Impact Assessment (DPIA)
  • Automated processing
  • Direct marketing
  • Sharing personal data
  • Data protection breach notification form

Length of Document: 25 Pages

Last Updated / Reviewed: 17.02.23

We also have a Privacy Policy / Privacy Notice template which provides information to external data subjects and third parties regarding the data that you will gather, how it is processed, how it is deleted and their rights under prevailing legislation.

If you need help with data protection questions in recruitment tenders, please contact us on 01688 400319 or email fiona.brunton@bruntonconsultancy.co.uk

 

Please note; this document is provided on the terms of the disclaimer contained therein. In addition, it is important to understand that this document will only fulfil its individual function and should be used as part of you wider UK GDPR compliance strategy. We would recommend that you take the time to understand the UK GDPR and conduct a data to audit so you can map personal data use within your business and where there may be security risks.

 The UK GDPR may have extensive impacts for your business, which could require changes to your operational and trading documentation such as your internal policies and training, compliance records, terms of business, outsourcing arrangements and marketing documentation. You should ensure you have obtained independent advice where necessary.

Our legal partners are Brabners and we will be happy to make an introduction.