Data Protection Policy: Fill & Download for Free

Absolutely yes. And this is not just specific to India.The ongoing epidemic has just showed that Indian companies’ insistence on coming to office on the pretense of productivity, data security, compliance, discipline, etc. were just words.HCL, Infosys, and TCS have posted statements that even after this pandemic ends (hopefully soon), a large part of their workforce will continue to work from home.Post-COVID, 75% of 4.5 lakh TCS employees to permanently work from home by '25; from 20%HCL Tech follows TCS and Infosys' lead — says 50% of its employees will work from home even after the lockdown is liftedPrior to 2020, Infosys allowed employees to avail WFH for 9 calendar days every month[1], and it was one of the few firms to do so. Accenture also had quite the flexible WFH policy. But these were exceptions. WFH was usually treated as a privilege and not a more productive alternate. TCS only allowed WFH in special cases. The concept/policy as a whole was non-existent. Even globally, the situation was similar — Why work-from-home doesn't work -- in India and elsewhere.My current employer is subject to very stringent compliance and data protection policies. As such, most of the people working on client projects have to sit in a secure area, with some clients even demanding that smartphones should not be allowed in the working bay.This was before COVID struck. As of today, 99% of our projects are running as usual without any compliance issues or any drop in productivity and/or quality. Clients who were absolutely anal about these restrictions have had no choice but to surrender to the new world order.The same is likely the case with most employers.Indian corporate world has some really fucked up metrics and presumptions — people are lazy and won’t work dedicatedly from home, the longer someone is in office, the more productive they are, WFH is more like a day off. All of these baseless assumptions have been challenged and thrashed by the current litmus test.They say “necessity is the mother of invention”. The COVID epidemic has just been the decisive push to endorse what should be common sense.If you allow employees flexibility, they will be more engaged. If people don’t have to commute 2–3 hours every day just to reach office, they will be more focused and productive. If half of your workforce on any given day is working remotely, you can save 50% of your establishment costs.Footnotes[1] Infosys allows employees to work from home 9 days a month: Will it really increase productivity?

Everyone is updating their privacy policies because of a strict new law that is going into place in the European Union, the General Data Protection Regulation. Even if the company is not in Europe, if the company touches any data of people in Europe, it needs to comply with the law to avoid trouble. The law involves making it easy for people to understand and manage what happens to their data.Why Are All These Brands Emailing You About Their Privacy Policies?What the GDPR means for Facebook, Google and youWhat is GDPR? Everything you need to know about the new general data protection regulations | ZDNet

Can someone share the checklist for GDPR?A checklist is a great tool when you work on GDPR compliance. The GDPR is choosing consumer trust ahead of the business’s interests. From a legal perspective, that fosters the objective that the GDPR creates an accountability and transparency demand (specifically to the consent of the Data Subjects), it appears that to be compliant you need to appoint a DPO.Steps to take:GDPR Preparation ProjectInquire Third Party GDPR Compliance Implementation (if required)Perform gap assessmentGain senior management commitmentInitiate a project with appropriate resources and budgetEstablish document controlGDPR Roles, awareness and trainingConduct communication program to suppliers and other stakeholdersDefine GDPR roles and responsibilitiesIdentify lead Data Protection Supervisory AuthorityRecruit Data Protection Officer (if required)Appoint Data Protection Officer (if required)Conduct GDPR competence and training needs assessmentPerform GDPR related training and familiarisationConduct GDPR and information security awareness trainingGDPR Personal data mappingConduct initial personal data information gathering exercisePerform an audit of personal data by business areaDefine or Amend Data Protection PolicyIdentify a lawful basis for processing personal data in each caseConduct legitimate interest assessments where requiredIdentify record-keeping requirements and proceduresGDPR Privacy policies and noticesDefine personal data retention and protection policyCreate or amend existing privacy noticesReview and amend consent methods and proceduresAddress age-related consent and controls (children)GDPR Rights of the data subjectCreate and implement data subject request proceduresCreate and implement data subject consent formCreate and implement data subject consent withdrawal formCreate and implement parental consent formCreate and implement parental consent withdrawal formStart recording data subject requestsCreate and implement User Deletion Request PolicyGDPR Controllers and processorsUpdate contracts with processors to be GDPR compliantDistribute supplier questionnaires regarding personal data protectionProvide information to controllers for whom we act as a processorUpdate contracts with controllers to be GDPR compliantAddress employee confidentiality requirementsCreate and implement Bring Your Own Device PolicyGDPR Data protection impact assessmentDefine data protection impact assessment processConduct data protection impact assessment trainingPerform initial data protection impact assessmentGDPR International transfersIdentify international transfers of personal dataAssess the legality of existing international transfersPut in place agreements for international transfers of personal data (where required)GDPR Personal data breach managementCreate information security incident management procedureCreate a personal data breach notification procedure (Data Subjects)Create a personal data breach notification procedure (Supervisory Authority)Conduct information security incident management trainingTest incident management and breach notification proceduresCreate a business continuity plan or disaster plan in case of crisisInform the data subjects that were exposed to a data breachGDPR Project closureRepeat gap assessment to identify remaining non-compliant areasRespond to complaints of data privacy breaches, etcAddress any remaining non-compliant areasPerform post-project reviewCheck for example this checklist with relevant steps and documents you might need for your organization: Free GDPR Implementation Planning Gantt Chart in Excel.Whatever you choose to do, make sure this choice needs to be documented as part of the GDPR’s underlining accountability principle (GDPR Article 29).Hope this feedback was helpful! Please UPVOTE if you like this answer.