We offer a full policy and protocol review and drafting service, including drafting full sets of documents or reviewing and improving your existing data protection policies, procedures and protocols.

Documentation and procedures

Having the right procedures, protocols and policies in place is a basic requirement of data protection compliance. Data protection law requires every business that processes personal data to have a full data protection compliance programme in place, and to have appropriate policies, procedures and protocols to cover the basic data protection requirements (for example, privacy and data retention policies, adequate notifications to data subjects, data breach protocols and DSAR – Data Subject Access Request – protocols).

This requirement is going to become even more important under the General Data Protection Regulation (GDPR), which will be take effect from May 2018. The GDPR allows for fines of up to €20 million, or 4% of annual global group turnover, for failure to comply with these requirements.

Drafting of documents

This service will ensure the correct drafting of the following types of documentation:

  • privacy and data protection policies – internal or external
  • Data Subject Access Request (DSAR) protocols
  • data breach protocols
  • security policies
  • data retention policies
  • data subject notifications
  • incident response plans
  • data transfer and data sharing agreements
  • data processing agreements
  • staff handbooks
  • training material