Under the GDPR (General Data Protection Regulation), organisations that process personal data must demonstrate the measures they are taking to protect that data. As a data controller, you have a duty to create a privacy policy in which you explain how your organisation complies with the GDPR.
You must consider the nature, scope, context and purpose for which you process personal data. At Projective Group, our privacy experts can either help you to create a new privacy policy or review your existing policy to ensure that it is fit for purpose.
As well as a privacy policy, there are other policy documents needed to comply with the GDPR. We can help you to draft or review these documents. They may include:
Privacy Statement
A document accessible to your customers, which explains what personal data you process and what you do with that data, for example whether it is shared with third parties.
Processing Register
This is where your organisation records the processing of personal data. It includes the legal basis for processing that personal data and how you secure it. This document demonstrates your compliance with the requirements of the GDPR.
Processor Agreement
If your organisation engages a third party to process personal data, you must have a processor agreement. This governs the responsibilities involved in the processing of personal data. It includes agreements about, among other things, the purpose and duration of the processing, the way in which the personal data is processed and the people who have access to that data.