Search

How can we help?

Privacy and Data Protection

Privacy documentation

 

The right privacy documentation demonstrates a commitment to information protection, building trust and confidence in your organisation and earning the loyalty of those you work with – whether customers, clients or staff.  

Our team can provide a full suite of data protection documentation including privacy statements, cookie use policies, internal policies and procedures, data sharing and processing agreements. 

“Very professional, knowledgeable and accessible lawyers.” 

Chambers and Partners

FAQs – Privacy Documents

This is any document containing data privacy information. It can range from privacy statements and cookie use policies, to internal policies and procedures that your employees will have to comply with to meet their data protection obligations.

There are various documents, however we have listed the main documents below:

  1. Data Protection Policy
  2. Privacy Notice
  3. Employee Privacy Notice
  4. Data Retention Policy
  5. Data Retention Schedule
  6. Data Subject Consent Form
  7. DPIA Register
  8. Supplier Data Processing Agreement
  9. Data Breach Response and Notification Procedure/Policy

There are certain steps and documentation needed to demonstrate compliance. These include, but are not limited to:

  • Testing and auditing data protection measures
  • Implementing technical measures to ensure compliance
  • Documenting and recording compliance measures
  • Determining and documenting a lawful basis for each instance of personal data processing
  1. Lawfulness, fairness and transparency in processing of personal data
  2. Collecting personal data for specified, explicit and legitimate purposes
  3. Accuracy in holding personal data and keeping it up to date
  4. Processing in a manner that ensures appropriate security of the personal data

Article 30 of the UK GDPR imposes documentation requirements on controllers and processors, which includes the purposes of processing personal data; the categories of individuals whose personal data is being processed; the name of any third countries or international organisations that you transfer personal data to; and a general description of your organisation’s technical and organisational security measures to protect the personal data.

Key contacts

Read, listen and watch our latest insights

art
  • 19 February 2024
  • Privacy and Data Protection

The role of Data Protection Officers in ensuring compliance

How many of us receive marketing calls for products and services we did not sign up for?

art
  • 09 February 2024
  • Privacy and Data Protection

Are we suffering from cookie fatigue?

An over-indulgence in Easter treats might not be the only cookie fatigue that individuals will suffer this year according to the Information Commissioners Office (ICO).

Pub
  • 26 January 2024
  • Privacy and Data Protection

AI Podcast: AI, Discrimination and Automated Decision-making

In this podcast, Lucy Densham Brown and Jordan Masters, members of the data protection team at Clarkslegal, discuss how using AI and automated decision-making could conflict with GDPR protections and lead to discrimination.

art
  • 28 December 2023
  • Privacy and Data Protection

Data Protection: What’s in store for 2024?

As 2023 nears to a close, we take a look at some of the key trends and developments to watch out for in 2024.

art
  • 12 December 2023
  • Privacy and Data Protection

Is Santa’s List Naughty or Nice?

All year we all work hard to make sure we end up on the Nice List, and avoid that dreaded lump of coal at the end of our bed. But what about Santa himself?

art
  • 04 December 2023
  • Privacy and Data Protection

The UK-US data bridge for transfers of personal data – Melanie Pimenta writes for Business Voice magazine

In Business Voice magazine, Melanie Pimenta, Senior Solicitor at Clarkslegal writes that transferring data can be a tricky business and the risks of getting it wrong can be costly both reputationally and financially.