GDPR Glossary

Personal data protection policies and procedures

FORMAL ANSWER

Personal data protection policies and procedures are internal documents of an organisation, adopted by an act of its governing body and binding on employees and collaborators, i.e. persons authorised to process personal data. These documents set standards of conduct for meeting individual GDPR requirements. Under Article 24(2) GDPR, implementing appropriate data protection policies is the controller’s obligation where proportionate to the processing activities.

PRACTICAL ANSWER

Policies and procedures for personal data protection are documents that help employees find answers to data protection questions: how to process personal data, how to secure them, whom to report an incident to and what steps to take after it is detected, and how to carry out required analyses. Internal policies and procedures should above all be useful — enabling the most effective GDPR implementation possible. The required list of personal data documentation is published on the Polish DPA website.

MORE

Receive a free package of 4 tutorials and 4 e-learning trainings
The controller of your data is ODO 24 sp. z o. o.