Do you have a documented Data Protection Policy which obliges your organisation and all its employees and/or contractors to comply with Data Protection legislation?

We have an internal Data Protection Policy that we review annually or before we make significant changes to company structure or workings. We use the Privacy by Design method for everything we do. This is something the GDPR stipulates, which we are comfortable with as we have always worked on a “path of least access” […]