📄 Live Document Preview

Updates as you type

Your Organisation Name

Address Line 1, Town/City, Postcode

CQC: Pending | Ofsted: N/A

POL06

Data Protection & UK GDPR Policy

Registered Manager: [Manager Name] | DSL: [DSL Name]
Version: 1.0 | Review Date: [Annual Review] | Legislation: UK GDPR, Data Protection Act 2018, Human Rights Act 1998 Article 8, Computer Mis...

1. The Seven UK GDPR Principles

[ORGANISATION NAME] processes personal data in accordance with the seven data protection principles of the UK GDPR. Personal data must be: (1) processed lawfully, fairly, and in a transparent manner; (2) collected for specified, explicit, and legitimate purposes (purpose limitation); (3) adequate, relevant, and limited to what is necessary (data minimisation); (4) accurate and kept up to date; (5) retained for no longer than necessary (storage limitation); (6) processed securely (integrity and confidentiality); and (7) the data controller must be able to demonstrate compliance (accountability).

2. Lawful Bases for Processing

[ORGANISATION NAME] relies on the following lawful bases for processing personal data: for service delivery — performance of a contract or task in the public interest; for employment purposes — legal obligation and legitimate interests; for safeguarding — vital interests and legal obligation; for health and social care records — processing necessary for social care purposes under Schedule 1 DPA 2018.

3. Data Subject Rights

All individuals whose data we process have the following rights: the right to be informed; the right of access (Subject Access Request — must be responded to within 1 calendar month); the right to rectification; the right to erasure ('right to be forgotten'); the right to restrict processing; the right to data portability; the right to object; and rights relating to automated decision making and profiling.

4. Data Breach Procedure

A personal data breach is a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. [ORGANISATION NAME] must report breaches likely to result in a risk to individuals to the Information Commissioner's Office (ICO: 0303 123 1113) within 72 hours. Breaches likely to result in a high risk to individuals must also be notified to the affected individuals without undue delay.

5. Data Retention

Personal data is retained for no longer than necessary for the purpose for which it was collected. The Data Protection Officer is [DPO NAME]. Key retention periods: service user care records — 8 years after last contact (or until age 25 for children); staff personnel files — duration of employment plus 6 years; CCTV footage — 31 days unless subject to a complaint or investigation.

6. Review

This policy is reviewed annually by the Registered Manager and Data Protection Officer.

This policy continues with detailed procedures, staff responsibilities, record keeping requirements, monitoring arrangements, and sign-off section covering all regulatory obligations...

The full document is minimum 6 pages when generated as a PDF, covering all sections required by CQC Regulation 17.

🔒 Full Document

Complete payment to generate
your full personalised PDF

← Back to all policies

Data Protection & UK GDPR Policy

CQC Regulation 17 Ofsted Leadership Standard

⚠️ Fill in your details below. The preview updates live. Pay once to download your personalised PDF instantly.

1. Your Agency Details

Organisation Name *

Trading Name (if different)

Address Line 1 *

Address Line 2

Town / City *

County

Postcode *

Telephone *

Email *

Website

Upload Your Logo (PNG/JPG — appears in document)

2. Registration Details

CQC Registration Number

Ofsted Registration Number

Service Type *

Local Authority Area *

3. Key Personnel

Registered Manager Full Name *

Nominated Individual (if different)

Designated Safeguarding Lead (DSL) *

DSL Telephone

Deputy DSL Name

Fire Safety Lead

💡 Buying just 1 policy for £25?

The Complete Policy Suite gives you all 40+ policies for £349 — that's just 87p per policy. Plus these free bonuses worth over £800:

🎁 2hrs Consultancy 🎁 3 Months Email Support 🎁 Mock Inspection Checklist 🎁 Legislation Alerts 🎁 Review Reminders

🎁 Not sure if this is the right policy for you?

Ask our team free — no purchase needed. We answer within 1 working day.

Ask Our Team Free →

£25

One-time payment. Instant personalised PDF download.
Licensed exclusively to your organisation.

Choose your payment method

🔐 Both methods are fully secure | No card data stored by PolicyReadyUK

By purchasing you agree to our End User Licence Agreement. This document is licensed solely to your organisation.