GDPR Data Protection and Privacy policy templates for use by recruitment agencies. As a business that collects, uses and stores personal data, you are obliged to comply with the General Data Protection Regulation.
The data protection policy template relates to how you comply with the GDPR legislation internally (i.e. instructions and obligations for your internal staff) and covers:
- A policy statement
- Interpretation of the law and definitions
- Scope of the policy
- Personal data protection principles
- GDPR requirements around lawfulness and fairness
- GDPR requirements around consent
- GDPR requirements around transparency
- GDPR requirements around purpose limitation and data minimisation
- GDPR requirements around accuracy
- GDPR requirement around storage limitation, data retention and disposal of records (including the length of time different types of documentation will be retained)
- Security, integrity and confidentiality (including protection of personal data, reporting personal data breaches and transfer limitation
- Data subject’s rights and requests
- Record keeping
- Training & audit
- Privacy by design & data protection Impact Assessment
- Automated processing
- Direct marketing
- Sharing personal data
- Data protection breach notification form
The privacy policy relates to external third parties whose data you may be handling, storing and sharing. Many companies will publish their Privacy Policy on their website to advise candidates and other third parties how their personal information will be used, and covers:
- The personal information you will request
- Automated information you may collect
- How you use the information you collect
- Profiling & automated decision making
- Information that you may share
- Length of time you will retain personal information
- The data subject’s rights and choices
- Complaints & escalation procedure (and process for making a Subject Access Request)
Whilst these two policies have been provided in a single document, it is strongly recommended that you separate them into two separate policies.
Length of Documents: Data Protection Policy – 20 pages, and Privacy Policy 8 pages
Last Updated / Reviewed: 01.05.18
If you need help with data protection or privacy questions in recruitment tenders, please contact us on 01688 400319 or email fiona.brunton@bruntonconsultancy.co.uk
Please note; this document is provided on the terms of the disclaimer contained therein. In addition, it is important to understand that this document will only fulfil its individual function and should be used as part of you wider GDPR compliance strategy. We would recommend that you take the time to understand the GDPR and conduct a data to audit so you can map personal data use within your business and where there may be security risks.
The GDPR may have extensive impacts for your business, which could require changes to your operational and trading documentation such as your internal policies and training, compliance records, terms of business, outsourcing arrangements and marketing documentation. You should ensure you have obtained independent advice where necessary.
Our legal partners are HRC Law LLP and we will be happy to make an introduction.
£395.00