Search

How can we help?

Privacy and Data Protection

Privacy documentation

 

The right privacy documentation demonstrates a commitment to information protection, building trust and confidence in your organisation and earning the loyalty of those you work with – whether customers, clients or staff.  

Our team can provide a full suite of data protection documentation including privacy statements, cookie use policies, internal policies and procedures, data sharing and processing agreements. 

“Very professional, knowledgeable and accessible lawyers.” 

Chambers and Partners

FAQs – Privacy Documents

This is any document containing data privacy information. It can range from privacy statements and cookie use policies, to internal policies and procedures that your employees will have to comply with to meet their data protection obligations.

There are various documents, however we have listed the main documents below:

  1. Data Protection Policy
  2. Privacy Notice
  3. Employee Privacy Notice
  4. Data Retention Policy
  5. Data Retention Schedule
  6. Data Subject Consent Form
  7. DPIA Register
  8. Supplier Data Processing Agreement
  9. Data Breach Response and Notification Procedure/Policy

There are certain steps and documentation needed to demonstrate compliance. These include, but are not limited to:

  • Testing and auditing data protection measures
  • Implementing technical measures to ensure compliance
  • Documenting and recording compliance measures
  • Determining and documenting a lawful basis for each instance of personal data processing
  1. Lawfulness, fairness and transparency in processing of personal data
  2. Collecting personal data for specified, explicit and legitimate purposes
  3. Accuracy in holding personal data and keeping it up to date
  4. Processing in a manner that ensures appropriate security of the personal data

Article 30 of the UK GDPR imposes documentation requirements on controllers and processors, which includes the purposes of processing personal data; the categories of individuals whose personal data is being processed; the name of any third countries or international organisations that you transfer personal data to; and a general description of your organisation’s technical and organisational security measures to protect the personal data.

Key contacts

Read, listen and watch our latest insights

art
  • 18 March 2024
  • Privacy and Data Protection

Consent or pay: issues and considerations, Meta’s potential breach

The ICO has stated that any organisation considering using “consent or pay” must ensure that the consent to processing of personal data for personalised advertising is being given freely, and is fully informed.

art
  • 13 March 2024
  • Privacy and Data Protection

21 March 2024 Deadline: Are your international data transfer agreements compliant?

If your organisation transfers personal data from the UK to another country, it needs to comply with statutory requirements to ensure adequate levels of protection for that data are in place.

art
  • 06 March 2024
  • Privacy and Data Protection

Personal Data Breaches – How do I deal with them?

This article will provide an overview of the steps to take when experiencing a personal data breach.

Pub
  • 05 March 2024
  • Privacy and Data Protection

How do I protect my business in the event of a personal data breach?

Don’t let your business fall victim to personal data breaches. Join Louise Keenan and Rebecca Dowle, for a quick overview of how to protect your business.

Pub
  • 05 March 2024
  • Privacy and Data Protection

AI Podcast: AI and Intellectual Property

In the second of our three-part ‘AI Podcast’ series, Jacob Montague and Lucy Densham Brown, will be exploring how artificial intelligence (AI) interacts with intellectual property rights (IP rights).

art
  • 19 February 2024
  • Privacy and Data Protection

The role of Data Protection Officers in ensuring compliance

How many of us receive marketing calls for products and services we did not sign up for?