Under the General Data Protection Regulation (‘GDPR’), organisations must be able to prove that they are compliant with the six data protection principles.

This is known as ‘accountability’.

Organisations also have to comply with the regulation as a whole.

You will need to have suitable organisational policies and procedures in place. Every organisation should have, at least, a general data protection policy and an information security policy.

Other matters to consider [the list is not exhaustive] and to document might be:

Privacy notices to give to employees/customers;

Procedures for dealing with requests by people to exercise rights e.g. subject access;

Your approach to the sharing of information and data sharing agreements;

Your approach to teleworking (outside of the office);

Classification of documents/access control;

Encryption policy;

Password policy;

Proper disposal/erasure of information/hardware;

Data breach procedures.

For further information please contact us.

