Data Protection Policies


Having a well rounded set of data protection policies is not only required by the GDPR but is good business practice.


Your data protection policies should not be a one time activity. Ensure that they are reviewed regularly to make sure they continue to be fit for purpose.

Make sure to communicate the policy and to train your staff so that they understand and abide by the policies set out by your organisation.

How to:

Have a set of data protection policies that cover the broad data protection principles that the GDPR underpins.

  • lawful, fair and transparent processing
  • Used for the specified, legitimate purpose
  • Relevant and limited to only what is necessary
  • Accurate and up to date
  • Retained only for as long as it necessary
  • Appropriately secured


  • GDPR Recitals: 74
  • GDPR Articles: 24, 5

How Gydeline helps

We, at Gydeline, help small and medium sized organisations save money and time by building systems, processes and policies that simplify their business and support their sustainability aims.  We do this with a range of services.

If you would like to discuss any aspects of dealing with this and other risks in your business we are always happy to offer some, free, no obligation assistance – just contact us.

Related Posts