In our blogs and when talking to clients we often refer to a “data protection programme”, but we realise you may be wondering what we mean by this…
Data protection programme
To comply with your various obligations under data protection laws there are a number of things that you must have in place.
As explained in our blog “Bloody Data Protection! A risk-based approach” there is no “one size fits all” approach to data protection – meaning that there is also no standard document stack.
But there are various things which all businesses will need to have in place to ensure data protection compliance – although the content and extent of each will vary depending on the business and the data it processes.
What this involves:
This will include:
- Data flows – see “Bloody Data Protection! Where to I start?”
- Risk assessment – see “Bloody Data Protection! A risk-based approach”
- Staff training
- Internal documents such as:
- Board decisions
- Policies (e.g. risk management policy, records management and retention policy)
- Procedures (e.g. dealing with data subject requests, data breach procedure)
- Templates (e.g. responses to data subjects, data protection impact assessment)
- External documents such as:
- privacy policy
- contracts with suppliers.
So when we use the term “data protection programme” it is all of these things together that we mean!
We have strategic and operational DPO experience of delivering programmes so get in touch if you need help creating and/or implementing a data protection programme within your business. Email alison@law-point.co.uk or call 01202 729444.
