To see all content you need to log in or Buy now 

Send to a friend
Model documents and policies

Downloadable and customisable documents relating to data protection. For more information see the employment law pages on Data protection.

Employee privacy notice
Employee privacy notice
Last Modified
A privacy notice can be used as part of a data protection compliance system and explains how you use data. This version is to be used for your employees; a separate version exists for job applicants.
Job applicant privacy notice
Job applicant privacy notice
Last Modified

A privacy notice can be used as part of a data protection compliance system and explains how you use data. This version is to be used for your job applicants; a separate version exists for employees.

Data protection policy
Data protection policy
Last Modified

This policy outlines the Company's approach to protecting data in the workplace in accordance with GDPR, including data protection procedures, access to data,  disclosures and security of data, how the Company will notify a breach, training and the identification of officers responsible for data protection.

Data transfer security policy
Data transfer security policy
Last Modified

This policy covers definitions, the law, transferring data, memory sticks, action to be taken if data goes missing and negligent transfer of data.

Monitoring policy
Monitoring policy
Last Modified

This policy outlines the Company's approach to monitoring in the workplace, including CCTV, email, internet, telephone and related data protection issues. The policy outlines the extent of monitoring in the workplace and states that the Company may use information gathered through employee monitoring as the basis for disciplinary action against employees.

Data breach notification policy
Data breach notification policy
Last Modified

This policy includes the definition of a breach, allows for the inclusion of data breach detection methods, and sets out the circumstances where notification is needed, both to the supervisory authority and the individuals whose data was subject to a breach.

Policy on data subject rights
Policy on data subject rights
Last Modified

Under the GDPR, data subjects have many rights in relation to their data. This policy sets out those rights, and the criteria attached to exercising them.

Subject access request policy
Subject access request policy
Last Modified

This policy gives details about how the organisation will handle a subject access request under the GDPR.

Confidentiality agreement
Confidentiality agreement
Last Modified

This agreement outlines that an employee agrees to keep secret and not at any time either during their employment or after its termination, use, communicate or reveal to any person for the employee’s or any other person’s benefit, any trade secret or confidential information concerning the business, finances or organisation of the Company or any Associated Company, their systems, techniques or know how of their suppliers or customers. The agreement also requires the individual to comply with the Company's rules on data protection.

Consent form for employees who leave
Consent form for employees who leave
Last Modified

This consent form can be used to obtain consent from employees who leave your organisation for any data you wish to continue to process which does not fall under a separate lawful basis.

Consent form for new employees
Consent form for new employees
Last Modified

This form can be used to obtain consent for processing data from new employees, where no other lawful basis applies. You must include the specific reasons for different data processing activities.

Data deletion request form
Data deletion request form
Last Modified

Data subjects have the right to have their data deleted in certain situations. This form can be used by a data subject to request deletion. It requires the data subject to include their reason for the request.

Data restriction request form
Data restriction request form
Last Modified

Data subjects have the right to have the processing of their data restricted in certain situations. This form can be used by a data subject to request restriction. It requires the data subject to include their reason for the request.

Data rectification request form
Data rectification request form
Last Modified

Data subjects have the right to have their data rectified if it is inaccurate or incomplete. This form can be used by a data subject to request that data be rectified.

Subject access request form
Subject access request form
Last Modified

This form can be used by an employee to make a subject access request under the GDPR.

HR data audit form
HR data audit form
Last Modified

You can use this form to complete your HR data audit in preparation for GDPR. It enables you to review the life cycle of data that you process including the types of data, the reason for the processing, and the security measures you take.

Data objection request form
Data objection request form
Last Modified

Data subjects have the right to object to the processing of their data in certain situations. This form can be used by a data subject to object to that processing and requires the data subject to include their reason for the request.

Letter in response to a subject access request
Letter in response to a subject access request
Last Modified

Use this letter to acknowledge an employee’s request to see a copy of the personal data held by their employer and enclose a copy and description of the data held, for what purposes it has been used, who has seen it, and how it was obtained. There are also options to explain why data has been retained.

Letter asking employee to pay a fee in relation to subject access request
Letter asking employee to pay a fee in relation to subject access request
Last Modified

Use this letter to request the payment of a fee on receipt of a subject access request. Please note under the GDPR a reasonable fee can only be requested where the request is manifestly unfounded, excessive, repetitive or further requests of the same information are made.

Letter asking an employee to provide proof of identity relating to subject access request
Letter asking an employee to provide proof of identity relating to subject access request
Last Modified

Use this letter to ask an employee to provide proof of identity before access can be granted to personal data held by the company.

Letter informing of extension of time to comply with subject access request
Letter informing of extension of time to comply with subject access request
Last Modified

Use this letter to inform the employee of the reason why the time to comply with the subject access request has been extended. Please note under the GDPR the time to comply can only be extended to three months.

Contract clause on handling data in line with GDPR
Contract clause on handling data in line with GDPR
Last Modified

This clause can be added to any existing policy, the subject of which involves the processing of employee personal data, as an extra tool to demonstrate transparency of data handling.

CCTV policy
CCTV policy
Last Modified

This template policy can be used to outline the organisation's use of CCTV, the reasons for utilising CCTV and to ensure employees are aware of the locations where CCTV is used in the workplace.

Electronic communication policy
Electronic communication policy
Last Modified

This policy can be used to outline the internal policy on use of IT and communication methods. The policy also contains details on internal and e-mail use, monitoring of business communications and data protection.

Garda vetting policy
Garda vetting policy
Last Modified

This policy can be used by relevant organisations to outline how the organisation will carry out Garda vetting, including the method for vetting, the consequences of failing to provide required information and data protection obligations.

Policy on employees' rights in relation to their data
Policy on employees' rights in relation to their data
Last Modified

Use this template policy to inform employees of their rights in relation to their data, including the right to be informed, the right of access and the right of erasure.

Policy on making a protected disclosure
Policy on making a protected disclosure
Last Modified

This template policy can be used to set out the process to follow when an employee wishes to disclose information relating to wrongdoing within the organisation.