Data Protection Policy

Use this customizable PeopleGoal Data Protection Policy template as an outline for your company’s employment policies.

Use our customizable PeopleGoal Data Protection Policy template as an outline for your company’s employment policies. The PeopleGoal Data Protection Policy describes terms for data protection rules, which apply to American companies. Simply adjust the information in the brackets to suit your company’s needs.

What is Data Protection?

Data Protection is the legal necessity for an organization to protect an individual's identifiable information.

It is important for organization's to use the data they collect fairly and responsibly. Examples of data that should be securely stored or encrypted include:

• Name
• Address
• Banking or Payment Details
• Health Information

Why is having a Data Protection Policy important?

It is particularly important to take data protection seriously now more than ever as the new digital world experiences more ransomware attacks and data breaches. Over the last 10 years, there have been more than 300 cyber-attacks which have stolen more than 100,000 records.

It is crucial that:

• data is only used in specific stated and relevant ways
• data is not stored for longer than necessary
• data is kept safe and secure

Most organizations have a Data Protection Officer who is charged with monitoring and ensuring compliance with privacy laws. This is important for business management and maximizes customer and employee loyalty.

Laws and regulations vary between countries and states.

What is GDPR?

If an organization works with, employs, or collects data from any person based in the European Union or the European Economic Area, they must comply with the GDPR.

The General Data Protection Regulation (GDPR) stipulates that organizations must assess the data that they possess, consider where and how it is retained, and set legal policies to determine how data is collected, managed, and destroyed.

Most departments appoint a Data Protection Officer charged who completes a Privacy Impact Assessment and manages all the above information.

Examples of measures taken include data backup, early protection, preventative monitoring, spam filters, and employee awareness training. Employees are allowed to request copies of their data at any time.

What are the California Privacy Laws

If an organization is American owned or operated, they are subject to California's privacy laws, including the California Consumer Privacy Act and the California Online Privacy Protection Act. These laws have national reach.

Citizens have the right to be informed of what data was collected and the purpose of this. Consumers can request their data be deleted, opt out of the sale of their information, and can access their personal information in a "readily useable format."

The California Online Privacy Protection Act (CalOPPA) requires that privacy policies are displayed conspicuously on a company's website.

What does our Data Protection Policy include?

PeopleGoal's Data protection Policy Template includes the following in our employment guidelines:

1. Document Overview
2. General Data Protection Regulation (GDPR)
3. California Privacy Laws
4. Disclaimer

Download our template and edit the information in brackets to suit your company's needs. Consider the appropriateness of using the GDPR and California Privacy Laws in regard to your location.

Disclaimer: The PeopleGoal Policies are general templates and should only be used as a basis for company policies. Please take into account all local, state, and federal laws when drafting your company’s final policies. This is not a legal document or a contract, and PeopleGoal will not assume any legal liability associated with the use of this document.