Data Protection Policy

Use this customizable PeopleGoal Data Protection Policy template as an outline for your company’s employment policies. The PeopleGoal Data Protection Policy describes terms for data protection rules, which apply to American companies. Simply adjust the information in the brackets to suit your company’s needs.

Data Protection Laws

This company takes data protection very seriously. With the increasing ransomware attacks and data breach leaks, cyber security has never been more important than it is now. That’s why our company has instituted a Data Protection Officer charged with monitoring and ensuring compliance with privacy laws.

General Data Protection Regulation (GDPR)

As an American owned and operated company, this company is generally not subject to European data protection legislation such as the GDPR. However, if we opt to work with, employ, or collect data from any persons based in the European Union or European Economic Area, the following rules apply.

Any company that holds any data on European Union citizens, or European Union based persons, from personal information such as credit cards numbers to even a simple a photo of the citizen, is subject to GDPR. For this reason, we frequently assess what data we possesses, where and how it’s retained, and set legally defensible policies for how that data will be collected, managed, and destroyed. Each department has appointed a Data Protection Officer charged with performing a Privacy Impact Assessment and managing this information.

GDPR is designed to protect every EU citizen’s personal data. This company works to ensure security of data through data backup, early protection, preventative monitoring, spam filters, and employee awareness training. Employees of this company that reside or work in the European Union are allowed to request copies of their data at any time.

The Data Protection Officer is responsible for documenting and reporting the details outlined in this section. The Data Protection Officer is also responsible for monitoring customer and consumer facing websites for privacy policy compliance. California Privacy Laws

As an American owned and operated company, this company is subject to California’s privacy laws including the California Consumer Privacy Act and the California Online Privacy Protection Act. We strive to comply with these laws and protect the data of citizens.

The California Consumer Privacy Act affords California residents an array rights, including the right to be informed about what kinds of personal data companies have collected and why it was collected. The law stipulates that consumers have the right to request the deletion of personal information, opt out of the sale of personal information, and access the personal information in a “readily useable format” that enables its transfer to third parties without hindrance. This law comes into effect in 2020, and the Data Protection Officer will ensure that our company is compliant by that date.

The California Online Privacy Protection Act (CalOPPA) is a California law with national reach. CalOPPA applies to any person or entity that owns or operates a commercial website or online service that “collects and maintains personally identifiable information from a consumer residing in California who uses or visits” said website or online service. CalOPPA does not apply to Internet service providers or similar entities that transmit or store personally identifiable information for a third party. CalOPPA generally requires that a privacy policy is displayed conspicuously on our company’s website. We are compliant with this regulation and the Data Protection Officer will ensure that we continue to be in compliance.

The Data Protection Officer is responsible for documenting and reporting the details outlined in this section. The Data Protection Officer is also responsible for monitoring customer and consumer facing websites for privacy policy compliance.

Disclaimer: The PeopleGoal Policies are general templates and should only be used as a basis for company policies. Please take into account all local, state, and federal laws when drafting your company’s final policies. This is not a legal document or a contract, and PeopleGoal will not assume any legal liability associated with the use of this document.