This policy is a communication to your employees. It protects your company because it shows that you have taken due care and attention concerning the personal data held by the organisation.
Under the Data Protection Act 1998:
- The organisation must be registered with the Data Protection Commissioner (now called the Information Commissioner).
- All data must be obtained lawfully and processed fairly.
- The data must be processed for defined purposes.
- The data must be adequate, relevant to the individual, and not excessive.
- The data must be accurate and not kept for longer than is necessary.
- The data must be secure, and
- Data cannot be passed to other countries without protection.
The Data Protection Act 1998 makes it possible for anyone to find out what information is held concerning them on your computer (and in some paper records), specifically:
- The data in question
- To what purpose the information has been processed and used
- Who has received the data
- The source of the data
They will have to ask you to give them the information that they believe you hold (i.e. you don’t have to tell everyone about whom you hold information, just those who ask), but remember that you are legally obliged to comply with such requests. If you do not carry out your obligations under the Act then you may well incur the wrath of the Information Commissioner, whose job it is to carry out an assessment of any improper data processing.
View Sample Data Protection Policy
Includes:
- Data Protection Policy
- FREE E-mails at work document
- FREE Manual records document
The above files are in both .pdf and .doc Word format.