Security Policy Templates

Under the GDPR you must take “appropriate technical and organisational measures” to secure personal data. What is appropriate depends on the processing risk. You must be able to demonstrate that you have taken appropriate measures and to make your considerations in this regard readily comprehensible. It is partly for that reason that it is important to check whether your security policy is still compliant and to update it where necessary. Check our data privacy policy template (a data privacy policy specific to websites) and the privacy notice.

Creating an internal Data Protection Policy is a good way of starting your compliance with the GDPR. The policy applies to your company and ensures the basic principles of data protection.


Furthermore, employees should read the new data privacy policy in order to comply with the new code.

In addition, the GDPR introduces obligations in the field of Privacy by Design and Privacy by Default. This means that as soon as you have chosen a medium for data processing, or when designing systems or applications, you must take personal data protection into account, for example by implementing security measures and data minimisation. The standard settings must be such that personal data is processed only for a specific aim. The rights of those concerned must be taken into account at all times as well, including in the design of a processing operation.