In May 2018, the UK's data protection law changed to make it relevant to the digital world.
Although many principles remain the same as, or similar to, the earlier data protection law (known as the Data Protection Act), there are a number of key changes that you need to be aware of under the new law (known as the General Data Protection Regulation, or GDPR).
This handbook has been created to enable you to see at a glance not only the documents you need but also the guidance you need to put the documents into context.
General privacy notice
The notice is used to advise those individuals that you engage with in business how you collect, handle, store and potentially also share, their personal data. It also describes the rights that the UK's data protection law (the GDPR) gives them in relation to your activities.
Website privacy notice
This is something that all businesses with websites need to have. It gives the individuals that you do business with details of how you collect, handle, store and potentially also share their personal data.
Like the general privacy notice, it also explains what rights are given to them in relation to your activities by the UK's data protection and privacy laws (the GDPR).
Job candidate privacy notice
This privacy notice is designed to inform individuals that apply for roles within your business of how you collect, handle, store and potentially also share, their personal data, as well as the rights that they have in relation to your activities, under the UK’s data protection law.
Employee, contractors and workers privacy notice
This privacy notice is for advising your employees, contractors and workers how you collect, handle, store and potentially also share, their data, as well as the rights that they have in relation to your activities, under the UK’s data protection law.
Cookies policy
This policy is designed to sit alongside your website privacy notice and your website terms and conditions.
You should have a cookies policy that's fully accessible on your website, as well as the standard cookie pop-up notice on your front/landing page.
Data handling rules – and what GDPR means for small businesses
This guide teaches you the key facts of the GDPR and gives detail as to the main changes.
Essential steps to comply with UK data protection rules (GDPR)
This guide details the 14 essential steps that must be taken to comply with the UK's data protection laws, the GDPR.
A 14-point checklist for complying with the UK data protection rules (GDPR)
To be used alongside the guide above (Essential steps to comply with UK data protection rules (GDPR)), this is an interactive checklist to help you keep track of the steps you've completed.
Data breaches under UK data protection rules (GDPR) – What you need to know
This guide explains what a data breach is, what counts as a 'notable' breach, and what a notification of a data breach needs to include.
Do I need a data protection officer (DPO)?
This guide covers what a DPO's duties are, who must appoint one, and who a DPO can be.
The right to be forgotten - what you need to know
This guide defines the right to be forgotten and explains where the right can and can't be applied.
What do the UK data protection rules (GDPR) mean for marketing activities?
This guide focuses on the GDPR's impact on marketing activities within a business – and answers questions on what legitimate interests can be for communications and whether or not contacts can be held on email-marketing databases.
What is the accountability principle under the UK data protection rules (GDPR)?
This guide lists the ways in which you can show you're compliant with the GDPR, as made your responsibility by the law's accountability principle.
What should you do if your business data has been compromised?
This guide lists the steps to take depending on the type of data compromise your business may have. It also shares some tips for preventing your data being compromised.
Registration with the Information Commissioner's Office (ICO) under UK data protection rules (GDPR)
This guide highlights the various fees involved in registering with the ICO.
How to ensure your existing employment contracts are compliant with UK data protection rules (GDPR)
This guide informs you of the options you have for ensuring your employment contracts are GDPR compliant, whether they were created before the law came into place or after.
How to draft your relevant contracts to comply with the UK data protection rules (GDPR)
This guide explains how you can ensure your contracts are GDPR compliant (besides the employment ones, which are covered in the guide above).
Subject Access Requests (SARs) under the UK data protection rules (GDPR), rights to rectification and the right to restrict processing
This guide informs you of when you'd need to provide the data after receipt of a Subject Access Request, shows you how to respond to rectification requests and provides detail regarding data processing restrictions.
Information to be provided to individuals under UK data protection rules (GDPR)
This guide lists the 2 types of information that you must give to individuals to be compliant with GDPR legislation.