EMPLOYEE DATA PROTECTION POLICY

EMPLOYEE DATA PROTECTION TRAINING POLICY

This Employee Data Protection Training Policy (hereinafter referred to as “Policy”) is effective from [INSERT THE DATE ON WHICH AGREEMENT COMES INTO FORCE] and applies to all employees of the [INSERT THE NAME OF THE COMPANY] (hereinafter referred to as “Us” or “we” or “our” or “Company”).

This policy outlines the security measures and best practices to safeguard the confidentiality, integrity, and availability of personal data.

  1. PURPOSE
    1. The purpose of this policy is to ensure that employees understand their responsibility regarding data protection and comply with the requirements of the General Data Protection Regulation (GDPR) when handling sensitive or personal data. It outlines measures to protect sensitive and personal data from unauthorized access, breaches and loss.
  2. SCOPE
    1. This policy applies to all [INSERT THE NAME OF THE COMPANY] data controllers, processors, contractors or any employee with whom personal data is being maintained, distributed or stored within the Company.
  3. TRAINING AND RESPONSIBILITIES
    1. Our Company establishes various training methods such as workshops, online modules and assessments to increase awareness among employees about the importance of data protection and privacy.
    2. Employees and Data controllers must understand and comply with GDPR requirements when processing personal data specific to our business activities and client interactions.
    3. Employees and Data controllers must recognize and facilitate data subject rights, such as the rights to access, rectification, erasure and data portability, as per our Company’s processing activities.
    4. Employees and Data controllers must record detailed information about the processing activities. This aims to ensure transparency and accountability in data processing activities.
    5. Both Data controllers and Data processors must adhere to security measures prescribed by the Company, such as encryption of personal data, access controls, and secure storage of data against unauthorized access or disclosure.
  4. DATA STORAGE AND SECURITY
    1. Personal and Confidential information should be stored securely, whether in physical or electronic form, to prevent unauthorized access, use, or disclosure.
    2. Appropriate technical and organizational measures should be implemented to protect personal information against accidental or unlawful destruction, loss, alteration, or unauthorized access.
    3. Access to personal information should be restricted to authorized personnel on a need-to-know basis.
    4. All devices of the facility containing sensitive information and data must be secured by strong passwords. The devices or other systems of the facility, such as computers or mobile devices, must be encrypted and password protected.
  5. INCIDENT AND BREACH REPORTING
    1. Both data controllers and data processors must promptly detect and respond to data security incidents.
    2. Our Company establishes incident response procedures to assess the impact of the incident and take appropriate measures to mitigate risks and restore the security of personal data.
    3. Employees should be trained to recognize and report data security incidents to designated personnel within the Company.
    4. In the event of a data breach, Data controllers are required to notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of a data breach that is likely to result in a risk to the rights and freedoms of individuals.
    5. Data processors must notify the data controller of any personal data breach without undue delay after becoming aware of the breach.
    6. The notification to the supervisory authority should include details of the nature of the breach, categories of data subjects affected, approximate number of data subjects affected, and measures taken or proposed to address the breach.
    7. Data controllers must maintain documentation of all personal data breaches, including the facts surrounding the breach, its effects, and the remedial actions taken.
  6. CONFIDENTIALITY, INFORMATION SECURITY, PROPRIETARY INFORMATION AND INTELLECTUAL PROPERTY
    1. We are committed to the confidentiality, integrity and accessibility of business information. We implement proper technical security measures, and it is our staff’s obligation to uphold them. Proprietary information includes all non-public information that might be harmful to the company or its customers or business partners if disclosed to unauthorized parties. All members must handle any such information as secret. In addition, no one is entitled to trade in securities while in possession of non-public information or to deliver non-public information to others that could have an impact on the securities. Every rule ensuring information security must be followed at all times.
    2. Employees must maintain the confidentiality of the Company and its information. Sharing sensitive information with unauthorized individuals is strictly prohibited.
  7. PRIVACY, PERSONAL DATA PROTECTION
    1. We respect employees' privacy, and we acknowledge the need of customers, employees and other natural persons to feel confident that their personal data is processed appropriately and for a legitimate business purpose. We are committed to complying with all personal data protection laws. We only acquire and keep personal information that is necessary, and we give proper information on these activities to data owners. We implement proper security measures to assure confidentiality, integrity and availability of personal information.
  8. COMPLIANCE
    1. Compliance with this policy and applicable laws should be regularly monitored and updated to identify and address any potential gaps or non-compliance.
    2. Any identified breaches or non-compliance should be promptly investigated and appropriate corrective actions should be taken.
  9. CHANGES TO THE POLICY
    1. We reserve the right to update and make changes to this policy from time to time based on the working conditions of the Company. On updating this policy, the Company will inform the members of the Company.
  10. FURTHER INFORMATION
    1. For any queries or further information regarding our Company or about this Policy, the concerned person can contact us through email at [INSERT THE EMAIL ADDRESS OF THE COMPANY].
  11. ACKNOWLEDGEMENT
    1. We expect all employees to adhere to this policy of the Company. The Company will apply this policy consistently and fairly to ensure a harmonious and productive workplace for all.
    2. By signing below, you acknowledge that you have carefully read and understood the terms and contents of this policy.
    3. You acknowledge that you will follow the set guidelines of this policy as well as of the Company and that, on failure to do so, the Company can take disciplinary action against such person.

COMPANY

Authorized Signature

Print Name and Title

[INSERT THE NAME/DESIGNATION OF SIGNING AUTHORITY OF COMPANY]