Internal Policies - Heald Law
Select Page

Internal Policies

Creating internal GDPR compliant policies

To comply with the General Data Protection Regulation (GDPR), which comes into effect on 25th May 2018, all businesses, organisations and groups will need to consider and be aware of all personal data they collect, use and store.

You will need to carry out a personal data audit in order to establish what type of personal data you hold and how and why you process it.
We have created a data audit guide which you can download for free {link to download}. For more complicated processes you may like to consult with one of Heald’s experienced business law team. You can find out more about our fixed fee consultations here {link to consultation page}.

Once you have completed an audit of the data in your business there are several procedures, which will need to be put in place and reflected in your policies. Some policies are essential to all companies, whereas others may only apply in certain situations. The following documents will need to be created for internal use. These policies are necessary for all organisations who handle any personal data. If you have policies in place already they may only need slight amendment. At the very least you will need the following policies:

  • Data Protection Policy
  • Data breach plan
  • Data breach register

If you do not have these policies, then we recommend that you prepare and implement them before 25th May 2018.

The following policies may apply in certain situations. For example, not all businesses will require clients to provide ID. If a business employs staff, an employee privacy notice will be required. The policies are:

  • Client ID Policy
  • Employee Privacy Policy/notice
  • Data protection impact assessment

Communicating GDPR policies to employees

Once you have GPDR policies, it is essential that all relevant employees are informed of the policies and procedures and provided with suitable training. The policies should be stored in an accessible place for reference.

We are experienced in preparing, reviewing and updating policies that are compliant with the General Data Protection Regulation. If you would like any help, please get in touch with Shital Odedra or David Dees on 01908 662277