Procedures & Policy

A Policy should be a document that reflects actual business practice, and the Information Commissioner may ask to see evidence of how you have integrated policy into the mainstream processes.

Service Description

Having a set of policies that define how you collect, process, and protect data is a requirement under the regulation. Having a further set of procedures defines how you carry out your written policy. Finally keeping records and registers helps you keep track of it all.
Under the GDPR, you are required to draft a comprehensive yet easy to understand Privacy Policy and make it accessible to your users. It is expected that your Privacy Policies will have the following information:
Your set of policies and procedures represent how you want the business to operate for each set of circumstance. Thought about in this way, they gain a new level of importance, because we want our business operations to work correctly for example when:
Some of the procedures and polices you could consider include:
Public Privacy Notice
Data Protection Policy
BYOD Policy
Information Security Policy
Communication Policy
Data Breach Policy
DPIA Policy
Data Retention Policy
Data Classification Policy
Asset Disposal Procedure
Password Policy
Data Breach Procedure
DPIA Procedure
Data Retention Procedure
Data Classification procedure
Asset Disposal Procedure
DPIA Register
Data Breach Register
Data Processing Register (Article 30)

How We Can Help

We can review your existing policies and conduct a GAP analysis. We'll put a short plan together with list of new documents and changes required and then work with you to first determine how you want your operations to work, and then reflect that in an up-to-date and compliant set of documentation.

Use the button below to contact us and have a friendly discussion on how we can help.

Got Questions?

Contact us and let us know how we can help you
Contact us!

We're a group of privacy and security consultants with experienced GDPR practitioners and Data Protection Officers. We look forward to helping you align your company goals with appropriate and adequate organisational and technical measures. 

Copyright 2018 UKGDPR Limited, a company registered in England, company number: 11002759