Data protection policy
What is Data protection policy?
A data protection policy is a company's written document explaining how it collects, uses, stores, and protects personal data, including employee data, and is one of the practical documents GDPR expects a company to have.
Where GDPR for HR is the set of rules a company has to follow, a data protection policy is the document that writes those rules down for a specific company - what data it collects, why, how long it is kept, and who can access it. It is what you would show a regulator, an auditor, or an employee who asks.
For HR specifically it should cover employee records, not just customer data, since salaries, performance notes, and health-related leave are personal data too. A retention schedule and an access-and-erasure process are usually referenced from the same policy rather than written twice.
Related terms
See also
Put these terms into practice
Flat-rate HR for European SMBs. 30 days free, no card, cancel anytime.
Start 30-day free trial