Under GDPR organisations must be able to prove that they are compliant with the regulation. This is known as ‘accountability’.

You will need to put in to place appropriate [this means suited to your organisation-one size does not fit all] policies, procedures as well as train staff to demonstrate that they understand them. Every organisation should have a data protection and an information security policy at least.

Other documents/ policies/ procedures to consider [the list is not exhaustive] putting in to place might be:

  1. Fair processing (privacy) notices to give to employees/ customers;
  2. Procedures for dealing with requests by people to exercise rights e.g. subject access;
  3. A data sharing agreement;
  4. A tele- working (outside of the office) policy;
  5. A document classification scheme;
  6. An encryption policy;
  7. Password policy;
  8. Incident management procedures;
  9. Contracts with data processors


For further information please contact us.

If you require advice on the above please contact us

Contact us