Data assets management policy

What’s data assets management policy and when do you need one?

This policy complements your data protection and data retention policies. It will also sit neatly alongside any policy you have for employee use of computers, the internet and other devices.

It covers how you’re managing data internally, as a matter of course. It’s not about customer or other people/businesses data, although there can be some slight areas of overlap.

This one’s about the data that’s passing between you as a team – and how you keep it safe and prevent it from leaking out inadvertently.

So here, you’re handling your own trade secrets and confidentiality, which should also have a beneficial outcome for other data that you’re legally bound to handle in particular ways.

There’s no legal obligation to have this policy in place. However, there are strong commercial reasons for doing so, including your ability to protect vital business information, and to demonstrate reassuringly to team, customers, partners and investors that you have good management and operational practices in place.

It will also have a positive impact on your legal data protection obligations.

Our experts recommend that you do not give this policy contractual status in any employment or other contract, but that you do reference it in such contracts, making it clear that the worker is expected to comply with the policy, and that you have the right to update or revise it, in your discretion and as you determine necessary.

You should conduct a data audit/data mapping exercise to help you understand what data you hold and therefore what this policy needs to cover and whether you need to include specific sections on more unusual elements of what your business does.