Discounted Privacy and Complaints Handling Legal Documents for IAA Members
- Data Breach Response Plan (DBRP) – designed for Service Providers to call on in circumstances where an eligible data breach occurs.
- Employee Security & Confidentiality Undertaking – an undertaking that a Service Provider can ask its employees to sign, which addresses the confidentiality of personal data handled by company employees.
- Data Processing Addendum – an agreement between a Service Provider and its Customers, that sets out their agreed position on what is to occur if there is a data breach of jointly held personal information, and is designed to make the customer responsible for carrying out statutory data breach notifications where possible. It is also designed to address the GDPR requirements of a “processor” as an extension of the Service Provider’s main agreement with its Customers.
- Corporate IT Systems and Social Media Policy – a Policy making employees aware that the Company is serious about protecting its sytems and preventing unauthorised use of social media in the workplace.
Failure to comply with the NDB Scheme or the GDPR may result in significant penalties.
Click here to access the Advanced Service Provider Privacy Kit
A new Complaints Handling Standard is coming into effect as of 1 July 2018. It will apply to (i) carriage service providers; and (ii) carriers responsible for network units that are used in the supply of services by carriage service provides. The Complaints Handling Standard requires carriers to set out their complaints handling processes in writing, and make them available on their websites in a concise form. Failure to comply may result in significant civil penalties.
Click here to access the Complaints Handling Policy.