Do you ever sit at a desk trying to read a company policy and find that the words are just not going in? Often company policies are written in the most turgid, dull and unintelligible language. The consequence is that employees never read them, much less remember what they say.
The European General Data Protection Regulation (GDPR) requires companies to be smarter than that. Under GDPR we must be more accountable and be able to “demonstrate compliance”. Part of being able to show compliance includes having proper staff policies in place to help employees understand their data duties.
The Essential policies – These are the ones you MUST have.
- Data Protection Policy – An essential guide to employees regarding how they may use data, how they can keep it secure, and the consequences of misuse. A good Data Protection Policy can prevent data breaches by helping employees understand how they are supposed to handle data.
- Data Retention Policy – A statement explaining when data, whether held in paper documents or electronically, should be deleted. This policy sets out the time limits for deleting different types of documents so that we can stay within the GDPR storage limitation principle found in Article 5 of the GDPR.
- Data Breach Incident Policy – An emergency plan that tells your company what to do if a data breach occurs, how to form a team to deal with the breach, how to prevent any further loss of data and whether the company needs to tell customers and Regulators about the breach.