Free template: Data protection confidentiality letter in accordance with the GDPR and the UK DPA 2018
If employees or external service providers are processing personal data, companies (both controllers and processors) must ensure that those authorised to process the personal data have agreed to maintain confidentiality or have a statutory obligation not to disclose confidential information. It is therefore recommended that such individuals are required to sign a data protection confidentiality letter.
As companies are required to demonstrate compliance, this process should be documented. activeMind.legal provides a free template of a data protection confidentiality letter that meets legal requirements.
Data protection and confidentiality in accordance with the GDPR and the UK DPA 2018
The UK Data Protection Act 2018 (DPA) and EU General Data Protection Regulation (GDPR) do not set out explicit provisions requiring confidentiality when processing personal data. However, such a requirement is implicit in a number of GDPR provisions, such as Art. 5(1)(f) GDPR on integrity and confidentiality.
Furthermore, the GDPR does not set out how to ensure confidentiality is maintained by those processing personal data. Only Art. 28(3)(b) GDPR requires processors to ensure that individuals authorised to process personal data agree to maintain confidentiality unless they are already subject to an appropriate statutory obligation not to disclose confidential information. In order to meet the requirements of the accountability principle under Art. 5(2) GDPR, evidence that a data protection confidentiality letter has been signed must be provided.
Controllers must also prove that individuals authorised to process personal data have agreed to maintain confidentiality in order to meet the requirements of the GDPR.
Data protection confidentiality and secrecy templates
Our data protection confidentiality letter template includes not only a confidentiality statement but also an information sheet setting out the legal provisions that must be complied with by those processing personal data.
Please review the data protection confidentiality letter template and, if necessary, adapt the document to the needs of your company.