Purpose: The goal of this policy is to protect the sensitive data of our employees and customers and the company’s own intellectual property.
Scope: The information in this document applies to every employee who has access to the company’s electronic systems.
Responsibility: The Chief Information Security Officer (CISO) is the leader and face of data security in the organization. They are responsible for implementing and maintaining data security measures and responding to policy violations.
General policy statement:
Every employee involved in the collection and analysis of customer data must ensure that [Company name] is GDPR-compliant.
Employees must never send customer data to third parties unless authorized by management.
Sensitive data that is no longer in use must be deleted within 60 days.
Laptops and documents should be taken home or stored in lockers at the end of the work day.
All suspected security threats and data breaches must be reported and investigated.
Disciplinary action:
Infringement of this policy may result in disciplinary action or criminal prosecution.