Personal Data Protection Policy template

We are a small internet company which mainly develop internet pages for clients (and sometimes do the hosting) with only 2 people (both in the technical and design areas) , So, we don’t have such large list of managers.
Which much worries me is that we don’t have a Data Protection Officer, which is widely referenced in the document, then who will the person in charge of data protection matters?, since as far I know this position is not mandatory for us.

Answer:

The documents are indeed optimized for small and medium size companies and all the job titles are mentioned as examples, you are free to replace the job titles to best suit your organization.

Same goes for the DPO as well, you can have some other employee deal with privacy related matters. The DPO needs to be appointed only if: (a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity; or (b) the core activities of the legal entity consist of processing operations which, by their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or (c) the core activities of the legal entity of processing on a large scale of special categories of data pursuant to Article 9 of the EU GDPR and personal data relating to criminal convictions and offences referred to in Article 10 of the EU GDPR.

If you want to find out more about the EU GDPR check out our EU GDPR Foundations Course (https://advisera.com/training/eu-gdpr-foundations-course//).