Search

How can we help?

Privacy and Data Protection

Privacy documentation

 

The right privacy documentation demonstrates a commitment to information protection, building trust and confidence in your organisation and earning the loyalty of those you work with – whether customers, clients or staff.  

Our team can provide a full suite of data protection documentation including privacy statements, cookie use policies, internal policies and procedures, data sharing and processing agreements. 

“Very professional, knowledgeable and accessible lawyers.” 

Chambers and Partners

FAQs – Privacy Documents

This is any document containing data privacy information. It can range from privacy statements and cookie use policies, to internal policies and procedures that your employees will have to comply with to meet their data protection obligations.

There are various documents, however we have listed the main documents below:

  1. Data Protection Policy
  2. Privacy Notice
  3. Employee Privacy Notice
  4. Data Retention Policy
  5. Data Retention Schedule
  6. Data Subject Consent Form
  7. DPIA Register
  8. Supplier Data Processing Agreement
  9. Data Breach Response and Notification Procedure/Policy

There are certain steps and documentation needed to demonstrate compliance. These include, but are not limited to:

  • Testing and auditing data protection measures
  • Implementing technical measures to ensure compliance
  • Documenting and recording compliance measures
  • Determining and documenting a lawful basis for each instance of personal data processing
  1. Lawfulness, fairness and transparency in processing of personal data
  2. Collecting personal data for specified, explicit and legitimate purposes
  3. Accuracy in holding personal data and keeping it up to date
  4. Processing in a manner that ensures appropriate security of the personal data

Article 30 of the UK GDPR imposes documentation requirements on controllers and processors, which includes the purposes of processing personal data; the categories of individuals whose personal data is being processed; the name of any third countries or international organisations that you transfer personal data to; and a general description of your organisation’s technical and organisational security measures to protect the personal data.

Key contacts

Read, listen and watch our latest insights

art
  • 11 October 2023
  • Privacy and Data Protection

Online Safety Bill set to become law

As part of the government’s manifesto commitments, they promised to introduce a bill that would strengthen online safety in the UK particularly for minors. This commitment has now been met with the introduction of the Online Safety Bill, which has now passed through all the parliamentary stages and is awaiting Royal Assent.

art
  • 19 September 2023
  • Privacy and Data Protection

Organisations’ use of social media: Data protection

Social media applications (or commonly known as ‘apps’) are being developed all the time and we are constantly being introduced to new social media platforms, some of which take almost no time to gain huge popularity.

art
  • 16 August 2023
  • Privacy and Data Protection

PSNI and Electoral Commission Data Breach

Both the UK Electoral Commission and the PSNI, announced serious data breaches. This article looks at what happened to cause the breaches, and what lessons employers can learn from this about processing data and how to protect the information.

art
  • 09 August 2023
  • Privacy and Data Protection

Penalties for data breaches

Individuals and organisations alike are increasingly reliant on technology to assist with all kinds of functions – from communicating and sharing data to strengthening security and recruiting staff.

art
  • 27 July 2023
  • Privacy and Data Protection

Nigel Farage v NatWest: When you can’t bank on data protection?

If you have seen the headlines recently, you will have read that NatWest CEO Dame Alison Rose has resigned from her position following the row over Nigel Farage’s bank account and the disclosure of his banking data.

art
  • 21 July 2023
  • Privacy and Data Protection

What will happen if the Metaverse comes to life?

Metaverse talk has seemingly died down when just a few months ago it was a popular topic on the internet. This is no surprise since Mark Zuckerberg – the CEO of Meta Platforms, formerly ‘Facebook’ – has stopped discussing the Metaverse after a period of actively promoting it.