Best Practice Update

    You are here:  
  1. Home
  2. Best Practice Update
  3. September 2025 Policy and Document Updates
A vibrant, graphic image with a deep blue background announces "POLICY UPDATES" in large, white lettering. Below this, smaller text reads: "Our latest document and policy updates are now available!" To the right, a list under the heading "New documents:" highlights two items: Data Rights Complaints Process Subject Access Request Clarification Template A prominent 3D icon in the center shows a large magnifying glass with an orange handle and a blue head, focusing on a white and blue shield. The shield has an orange checkmark in its center. The bottom right corner features a logo for "DATA PROTECTION EDUCATION".
Best Practice Updates

September 2025 Policy and Document Updates

We've updated and added some new policies, including the Data Protection Policy, Model Redaction Guidelines, Data Rights Complaints Process, Freedom of Information Policy, SAR Procedure Template, SAR Response Template, Subject Access Request Clarification Template.  This article shows an amendments made to the documents.

Data Protection Policy

Amended v1.3, 2025

  • Commitment section updated with DUAA reference (pp.5–6).

  • Fair and transparent processing expanded (pp.9–10): public health example broadened beyond COVID-19.

  • Subject rights (pp.9–11): adds DUAA complaints process.

  • SARs section (p.15): updated cross-reference to SAR Procedure v2.1.

  • Data processors section updated (pp.19–20): adds contractual obligations & audits.

  • Data breach handling strengthened (pp.14–15): 72-hour notification clarified.

Model Redaction Guidelines

Amended v2.0, 2025

  •  Introduction updated to include DUAA 2025 & new redaction principles (p.4).

  •  Identifying what to redact expanded (p.5): includes indirect identifiers; requires two-person review.

  •  Methods: stronger metadata guidance, with tools named (pp.6–7).

  •  Electronic files guidance strengthened (p.7).

  •  Exemptions substantially expanded/restructured (pp.8–10): covers crime/taxation, LPP, management data, child abuse data.

New: Data Rights Complaints Process

This document outlines the formal process by which individuals can raise concerns regarding the handling of their personal data or the exercise of their Data Rights. This document outlines the formal process by which individuals can raise concerns regarding the handling of their personal data or the exercise of their Data Rights.

Freedom of Information Policy

Amended v1.3, 2025

  •  Structure expanded:

- New sections Application of Exemptions (pp.5–7), Public Interest Test (p.7), and Refusal Notices (p.7).

  • Application of exemptions: detailed guidance added with absolute vs qualified examples (pp.5–6).

  • Public Interest Test: new structured guidance (p.7).

  • Refusal Notices: new mandatory requirements (p.7). 

  • Complaints procedure (p.8): updated wording, clearer steps (internal review - ICO).

SAR Procedure Template

Amended v2.1 August 2025

  • -Scope clarified (p.3): excludes routine requests.

  •  Recognition of SARs (p.5): expanded to cover verbal/social media requests.

  •  Deadlines (p.5): now explicitly mentions school holidays impacting timelines.

  •  Logging procedure detailed (p.6): use of Data Protection Knowledge Bank.

  •  Staff procedure matrix (“What/Why/How”) newly added (pp.7–8).

  •  Complaints logging cross-referenced (p.9).

Subject Access Response Template

Amended v3 August 2025

  •  Complaints/rights section updated (p.3):

- v2.3: Right to request review within 40 working days, then appeal to ICO.

- v3: Replaced with reference to Complaints Procedure (per Data Use and Access Act 2025).

  • ICO contact details simplified and updated (p.3).

New: Subject Access Request Clarification Template

v1.0 For in SARs to emphasise the clock stop process under the Data Use and Access Act.

©2025 Data Protection Education Ltd.

Search