Personal Data Protection Policy

120.00 inc. VAT


Personal Data Protection Policy



Our Personal Data Protection Policy is suitable for any type of business that processes personal data. It can be customised by following the instructions in the enclosed “Terms of Use-Customisation Instructions” document.


Companies that process personal data (controllers, processors) are obliged to comply with the Regulation (EU) 2016/679 {GDPR} for the processing of personal data. Companies should design and implement procedures and processes to comply with the provisions of the GDPR, as well as security measures for the protection of the personal data that the company processes.

The GDPR came into force on the 25th of May 2018. The GDPR lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.

In order to implement the necessary procedures, processes and security measures, a Company shall develop a Personal Data Protection Policy outlining the procedures and processes to follow in order to comply with the GDPR provisions and the security measures that it has implemented. The Company shall implement appropriate security measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

The Personal Data Protection Policy shall be communicated to all employees of the company and the company shall ensure that employees who process personal data for their daily employment duties follow the Company’s procedures and policies for the processing of personal data.

Areas Covered

Our comprehensive template covers the following areas:

  • The reason for the development of the Personal Data Protection Policy.
  • Explanation of the GDPR.
  • The General principles of the GDPR.
  • Description of data protection risks.
  • The responsibilities of the Company when processing personal data.
  • General Employees Guidelines.
  • When the consent of data subjects is needed.
  • The lawfulness of processing personal data of different data subjects’ categories.
  • Description of the personal data in process related to the different categories of data subjects.
  • Description of the personal data storage according to the different forms of the personal data.
  • The conditions for the transfer of personal data within the Company’s group, the transfer to a third-party based in EU and EEA and to a third-party based in a third country.
  • The various disclaimers on email communications.
  • Description of the time period for keeping personal data in storage and the process for the destruction of personal data.
  • Reference to the processing of personal data of children.
  • The conditions for processing personal data for a purpose other than that for which personal data has been collected.
  • Analysis of the implementation of various organisational, physical and technical security measures.
  • Reference to the obligation to keep personal data up to date and accurate.
  • Description of the various data subjects’ rights.
  • Analysis of the procedures to follow in case a personal data breach is happened.
  • Reference to the inquiries and complaints to the Company, as well as for the “Cookies” that the Company uses on its website.
  • The records of personal data that the Company shall keep.
  • Amendment / Validity.
  • Annexes of supplementary documents that a Company should have in place for the proper implementation of GDPR procedures.

What is included?

  • 34-page Personal Data Protection Policy Template
  • Terms of Use-Customisation Instructions