Policies & Documents

In order to comply with data protection law, we have a number of template policies and types of documentation that we can tailor to your organisation's requirements.

Legal Basis Flowcharts: These allow you to easily determine when you can lawfully process personal data. The flowcharts enable you to identify the legal basis for processing as required to do so by data protection laws.

Privacy Notice Checklists: These aid you in drafting your privacy notice in line with the detailed requirements of UK data protection law.

Privacy Notices: We can assist you in drafting internal privacy notices for employees, job candidates and contractors. We can also assist you in preparing external-facing privacy notices aimed at customers, website and app users.

Appropriate Policy Document: UK data protection law (the Data Protection Act 2018) requires organisations to have what is known as an "Appropriate Policy Document" when processing special category and criminal offence data under certain circumstances. We can help you tailor this to meet your requirements.

Template DPIA: If you intend to implement new procedures, engage a new supplier or undertake new projects which are likely to result in a high risk to the rights and freedoms of individuals, you must complete a Data Protection Impact Assessment. This template simplifies the process for your organisation.

Data Protection Policy and Privacy Standard: This will allow you to inform your staff of what is expected of them when processing personal data as part of their role. We can tailor this to your internal policies and procedures.

Data Subjects Rights procedures: A rights request can go to anyone inside your organisation. The request can be made verbally or in writing. The data subject does not need to expressly state that they are making a request to exercise a right under data protection legislation. To ensure your staff can recognise and act on these requests, it is essential to have this procedure in place. 

Personal Data Breach Policy and Procedure: If a notifiable personal data breach occurs within your organisation, you only have 72 hours from becoming aware of the breach to inform the ICO (or other relevant regulator outwith the UK). The time constraints surrounding breaches mean that your staff must be able to act quickly, and a procedure outlining how to handle a breach will assist them in doing this. 

Document Retention Policy: Under data protection law, your organisation should not hold on to personal data for any longer than necessary. A document retention policy will allow you to comply with this requirement by specifying retention periods for the different types of personal data held by your organisation.

Guidance Tool – Determining Roles of Parties: Before appropriate contractual agreements can be put in place, organisations must understand what role they play under data protection legislation (this can include a sole controller, joint controller, processor or sub-processor). This tool will aid you in determining this.

Data Processor Checklist: Before selecting a service provider, it is important that you are comfortable with the provider's IT security measures (which should align with your organisation), their data protection compliance status, their location and the sub-contractors they engage. You must also ensure that your contract with them meets certain minimum requirements. This checklist will help you manage the risks associated with appointing providers to process information on your behalf.

Cookie Policy: Your organisation must provide clear and comprehensive information about the cookies your website uses and the purposes for which you use them. In many cases, you also need obtain consent from users before setting cookies. This policy will allow you to inform visitors to your website about the cookies you use and why you use them.


Data Processing/Data Sharing arrangements: We can provide you with data processing and sharing arrangements tailored to your organisation. Whether this is a formal contract or an informal FAQ/protocol document, we can ensure it meets the needs of your organisation.

General Contractual Arrangements: We also offer to review and update your existing contracts to ensure they are in line with current data protection standards. We can provide you with contracts that comply with data protection laws and which outline the liabilities of parties in relation to any breaches of these laws.

Consent: Consent is now more difficult to obtain under data protection legislation. We can assist you in ensuring that your consent requests are valid and can inform you when consent is the most appropriate legal basis upon which to rely for processing. If consent is not appropriate, we can outline the other options available to you.

Latest updates from @MacRoberts

  • Our award-winning Family Law team can help you and your partner through difficult situations by providing support w… https://t.co/sOwEmv13fP 27/07/2021
  • To celebrate the Olympic Games in Tokyo, we're delighted to launch our latest sporting challenge in support of our… https://t.co/Y8IEq3eT53 23/07/2021
  • MacRoberts is recruiting! We are currently looking for a Real Estate Planning Solicitor to join the MacRoberts tea… https://t.co/ioGQaF2hQc 23/07/2021
  • The countdown is on! With just 100 days to go, we’re looking forward to #COP26 in Glasgow! ♻️ As a firm accredite… https://t.co/Ooldhmo8tW 22/07/2021
  • Has lockdown led you to consider a move to the countryside? From discussing a possible purchase to obtaining the… https://t.co/patbF42pjk 22/07/2021
  • Have you seen our latest vacancies? 💼 We currently have opportunities in various departments across the firm. Fin… https://t.co/NpiWs2sphg 21/07/2021
  • Acas has published new guidance for employers with helpful information on #flexibleworking & #hybridworking. With t… https://t.co/SoX87hFkko 20/07/2021
  • Busting the myth that a career in law is only for the privileged few: @marikaflawyer is speaking at this morning’s… https://t.co/awfcub4cw0 19/07/2021
  • MacRoberts is recruiting! We are currently looking for a Support Services Assistant to join our team in Edinburgh.… https://t.co/DJ27fRmmdb 16/07/2021
  • MacRoberts is pleased to have been part of the team advising @HV_Systems in its £5m capital boost from Beehive Equi… https://t.co/BxcwjCgIVk 15/07/2021
  • MacRoberts is recruiting! We are currently looking for a NQ Solicitor to join our Conveyancing & Private Client te… https://t.co/zubGY4zo0D 14/07/2021
  • For the last of our IGTV mini-series, we hear from Katie MacLeod. She will be giving an insight into what it’s like… https://t.co/0v2nNQ9zzZ 14/07/2021
  • RT @marikaflawyer: Exciting opportunity for Associate in our award winning Family Law team #familylaw #LegalCareer https://t.co/z3WEtfFJUo 14/07/2021
  • MacRoberts is recruiting! We are currently looking for an Associate to join our Family Law team in Edinburgh or Gl… https://t.co/CaitiMeVBs 14/07/2021
  • Last week, the UK Government took the decision to relax the rules on the length of time lorry drivers can work as a… https://t.co/o559McerYg 13/07/2021