The data protection policy is a document that summarises all legal data protection aspects in the company. It includes objectives, responsibilities and documentation obligations and is one of the most important strategy papers of a company. A good data protection policy assists with meeting the accountability obligations of the European General Data Protection Regulation (GDPR) as stipulated by the supervisory authorities. It also serves as the basis for statutory data protection audits, e.g. by the customer. The template from activeMind helps you draft a data protection policy that provides optimal support for all parties involved in data processing in the company. At the same time, it shows externally the importance of data protection and the company’s commitment to it.
The GDPR includes the principle of obligatory accountability in Art. 5 (2). Accordingly, each responsible individual or office must be able to provide evidence of having an overall policy for data protection compliance, which must also be regularly reviewed and, if necessary, further developed. In other words, companies that process personal data must establish a procedure to regularly review, rate and evaluate the efficacy of the data protection and data security measures. For this purpose, a data protection policy is the optimal starting point.