Data protection policy (DPA 1998 version) | Practical Law

Data protection policy (DPA 1998 version) | Practical Law

A standard policy for use by a business setting out the principles and legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of business-external personal data in the course of the operation and administration of the business, including customer, supplier and employee data.

Data protection policy (DPA 1998 version)

Practical Law UK Standard Document 9-379-8623 (Approx. 14 pages)

Data protection policy (DPA 1998 version)

by Practical Law Data Protection
Law stated as at 01 Oct 2016United Kingdom
A standard policy for use by a business setting out the principles and legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of business-external personal data in the course of the operation and administration of the business, including customer, supplier and employee data.
Integrated drafting notes. This document has integrated drafting notes embedded within the text. Click on a heading to read the note. See the Actions box on the right for additional viewing options.
Note: With effect from 1 February 2018, this resource is no longer being maintained. From 25 May 2018, the EU General Data Protection Regulation ((EU) 2016/679) (GDPR) replaced the current regime established by the Data Protection Act 1998. It is supplemented by the Data Protection Act 2018. For legal developments between 1 February 2018 and 24 May 2018, please refer to the legal updates on the topic pages for this resource: see Compliance and Employee Data Monitoring. For a Privacy Standard under the GDPR, please see Standard document, Data protection policy (UK).
The European Commission is reviewing a related piece of legislation, the E-Privacy Directive (2002/58/EC), implemented in the UK by the Privacy and Electronic Communications Regulations 2003/2426 (as amended) (PECR). Their replacement, the draft E-Privacy Regulation (COM (2017) 10 final) (draft ePR), will not be agreed in time to align with the GDPR (see Draft E-Privacy Regulation legislation tracker). The Information Commissioner's Office (ICO) has confirmed that PECR (with GDPR standard of consent) will continue to apply until the draft ePR is finalized. We are updating our direct marketing, cookie and other related resources to reflect this. For further information see E-Privacy Regulation tracker. For further information and ICO guidance, see Practice note, Overview of GDPR: UK perspective: Direct marketing and draft E-Privacy Regulation.