If a lot of existing corporate privacy policies are anything to go by, it’s really easy to write one. You summarise the GDPR principles, list the rights, mention breach reporting and if you feel like adding a bit of flair, you can say how important the GDPR is to your senior people.

Alternatively, you could avoid this dreary cut and paste nonsense and ask a simple question. What is this policy for? What difference do we intend it to make to our staff – the people we intend to read it – and the way in which they use personal data? Are there concrete things we want them to do? Specific actions or procedures we want them to follow? Do we want to outline the different responsibilities that staff within our organisation might be called upon to carry out?

The answer to all of these questions is yes. Come with me, my friends, on a journey into Policies That Aren’t Just Meaningless Waffle. Go on an exciting adventure into the land of This Isn’t Just A Placeholder To Keep The Auditors Happy.

No indeed, this session is about how you create a meaningful and effective policy. Give it a try.