iso27diy-corp/Corpus/ISMS/Policy examples/Example introduction for an Internal Privacy Policy.md

From Ultimaker's Internal Privacy Policy, p.3:

“The Policy is based on the GDPR, which sets out seven principles in Article 5. These are:

  1. Lawfulness, fairness, and transparency
  2. Purpose limitation
  3. Data minimalization
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality (security)
  7. Accountability

To ensure an appropriate level of data protection, we are committed to (p4):

  1. Restrict and monitor access to sensitive data
  2. Develop transparent data collection procedures
  3. Train employees in online privacy and security measures
  4. Build secure networks to protect online data from cyberattacks
  5. Establish clear procedures for reporting privacy breaches or data misuse
  6. Include contract clauses or communicate statements on how we handle data
  7. Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorization etc.)