Home
About
Services
Work
Contact
Contact Resource Center For any Resource Center related inquiries, please reach out to resourcecenter@iapp.org. GDPR is a relatively new law that brings data regulations into the digital age by strengthening the rights of ordinary citizens in relation to how information is gathered about them . Under the GDPR data protection legislation, there is also a requirement to provide privacy notices to individuals when processing their personal data. A 3rd party data destruction specialist and vetted staff will collect your documents and media and shred on-site for the shortest chain of custody. Learn the legal, operational and compliance requirements of the EU regulation and its global influence. In accordance with the Sarbanes-Oxley Act, which makes it a crime to alter, cover up, falsify, or destroy any document with the intent of impeding or obstructing any official proceeding. Being able to demonstrate compliance is essential when it comes to regulatory investigations. Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in todayâs complex world of data privacy. This policy is a supporting policy of the Information Security Policy, so the purpose of this policy is the same, to secure information. The Policy contains two components: Section 2.0 â measures to re-enforce accountability and governance Section 3.0 â measures to demonstrate the protection of information rights of the data subject. and other persons or entities when receiving, handling or processing personal data as defined by the GDPR. Data Destruction Policy. The GDPR (General Data Protection Regulation) isnât just about implementing technological and organisational measures to protect the information you store. For each classification Information Guidance is provided, GDPR considerations, Information Examples, Document Marking, Information Controls and ⦠Certification des compétences du DPO fondée sur la législation et règlementation française et européenne, agréée par la CNIL. Find answers to your privacy questions from keynote speakers and panellists who are experts in Canadian data protection. Organisations must demonstrate that employees were: 1. informed of the purpose and use of their personal data, and 2. given a clear explanation of how it will be treated. ; collected only for specific, explicit and limited purposes (âpurpose limitationâ). Subscribe to the Privacy List. VOORBEELD BEWAARTERMIJNEN BELEID â TEMPLATE DATA RETENTION POLICY Inleiding In de AVG wordt â net als in de WBP ... data retention obligation as determined by GDPR (General Data Protection Regulation, in Dutch: AVG). Sample data protection policy template We've worked with Simply Docs to bring you unlimited access to hundreds of simple and easy-to-use templates and policies - including up-to-date data protection policies that can help you make sure you comply with GDPR. Add to basket. However, we understand the desire for help, which is why we offer a GDPR Data Protection Policy Template. All employees, clients, vendors and contractors have a personal responsibility to keep information secure and confidential. Records of processing activities Data Protection Impact Assessment and Prior Consultation Processor shall provide reasonable assistance to the Company with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Company reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Data ⦠Most organizations implementing the GDPR consider retention policies or retention rules necessary to achieve this. The below definitions apply to this policy: Data Controller: the person or organisation that determines when, why and how to process Personal Data. Take data minimisation as an example. Learn more today. This template just gives you a framework of what your GDPR privacy policy should look like and neither Workable not the author will assume any liability or responsibility coming from the use of this GDPR policy template. We offer individual, corporate and group memberships, and all members have access to an extensive array of benefits. ... Download our data archive retention and destruction policy template. This policy aims to prevent unauthorized disclosure of information assets by the controlled disposal and destruction of media storing confidential data. Add to your tech knowledge with deep training in privacy-enhancing technologies and how to deploy them. Data retention, or records retention, is the practice of keeping records for set periods of time to comply with business needs, industry guidelines, and regulations.A strong data retention policy should detail how long data and records are kept and how to make exceptions to the schedule in the case of lawsuits or other disruptions. POLICY STATEMENT This Policy sets out the obligations of DPS Contract Services (hereinafter referred to as the âCompanyâ) regarding retention of personal data collected, held, and processed by the Company in accordance with EU Regulation 2016/679 General Data Protection ⦠These laws affect how organisations gather, store and use data and individual rights over access to information. At first it seems a daunting task, but by considering the goals and GDPR requirements you can reach some reasonable level of granularity that is still operational and possible to implement. A data retention policy and retention schedule can help a controller to demonstrate its compliance with the retained EU law version of the General Data Protection ⦠Employees’ silence or lack of complaint about the processing, consent incorporated as a standard employment contract term or in data protection policies does not meet the standard required. Documentation of processing activities â requirements â If we are a controller for the personal data we process, we document all the applicable information under Article 30(1) of the GDPR. Communication Policy Template quantity. Access all white papers published by the IAPP. On-site document shredding is the most secure method of data destruction and offers shredding at the highest security standard. All ⦠; adequate, relevant and not excessive (âdata minimisationâ). This policy provides for the systematic review, retention and destruction of documents received or created by the Organization in connection with the transaction ⦠These documents form part of organisations’ broader commitment to accountability, outlined in Article 5(2) of the GDPR. The General Data Protection Regulation (GDPR), as supplemented by the Data Protection Act DPA 2018 (DPA), is the main piece of legislation that governs how the University collects and processes personal data. Have ideas? While GDPR is a regulation in EU law and primarily directed towards citizens of the European Union (EU) and European Economic Area (EEA), it also affects the export of data outside EU and EEA. IAPP members can get up-to-date information right here. Why Do You Need a GDPR Data Protection Policy? Under the General Data Protection Regulation (GDPR), certain personal data breaches must be notified to the Information Commissioner’s Office (ICO) and sometimes affected data subjects need to be told too. The answer to this will determine what disciplinary action is levied. Here we have provided a sample privacy notice template for a website that collects personal data directly from individuals. Without privacy laws like the GDPR, people would lose control over the information that businesses and governments have collected about them. The factsheet offers guidance on following good data protection practices at work and a practical action ⦠Developing or evaluating your GDPR-compliance data privacy policy. Security Awareness; Article Library; Tools; Ask an Expert; ABOUT. A Data Protection Policy (sometimes also referred to as a 'data protection statement') is primarily an internal document to help you as an organisation ensure you comply with data protection legislation. Deletion is a way of erasing data where the rewritable media remain re-usable, while the other two methods – degaussing and destruction – destroythe media in process. 3) Scope: The GDPRâs requirements apply to EU residentsâ personal information and anyone in your organisation who processes that data. By employing a secure data destruction provider like Pure Planet Recycling to destroy your electronic data, you’re the data controller, and we’re the data processor. Up to 20 million euros or 4% of global annual turnover (whichever is higher). Start taking advantage of the many IAPP member benefits today, See our list of high-profile corporate membersâand find out why you should become one, too, Donât miss out for a minuteâcontinue accessing your benefits, Review current member benefits available to Australia and New Zealand members. The hub of European privacy policy debate, thought leadership and strategic thinking with data protection professionals. The worldâs top privacy conference. The data protection policy doesnât need to provide specific details on how the organisation will meet the Regulationâs data protection principles, as these will be covered in the organisationâs procedures. Add to basket. In case you're not familiar with these terms, here are some general definitions: A data controller is an entity that collects consumer personal data in order to fulfill a service or purpose for that consumer. You can include as much or as little information in your GDPR data protection policy as you like, but we recommend that you cover: 1) The purpose of the policy: This can serve as your introduction, explaining the policyâs relation to the GDPR, the importance of compliance and why the policy is necessary. Document Retention and Destruction Policy. With this document, designed by our expert information security practitioners, you can create a GDPR-compliant data protection policy in minutes. In 2016, the Westin Research Center published a series of articles identifying our analysis of the top 10 operational impacts of the EU General Data Protection Regulation. Establish a policy for retaining information for operational or regulatory compliance needs. A document retention and destruction policy (also known as a records and information management policy, record keeping policy, or a records maintenance policy) establishes and describes how a company expects ⦠You could build separate policies for every business function that handles personal data. The Regulation as itâs written is too complex to be used as a basis for an implementation project. This interactive tool provides IAPP members access to critical GDPR resources â all in one location. Regulation (EU No. A GDPR Data Processing Agreement (DPA) is a contract agreed upon by a data controller, and the data processor that handles the controller's consumer data. You can read more about public privacy notices and ⦠... or destruction of, personal data. In this blog, we explain what a GDPR data protection policy is and explain how you can accelerate your implementation project. The first title to verify you meet stringent requirements for knowledge, skill, proficiency and ethics in privacy law, and one of the ABAâs newest accredited specialties. Access all reports published by the IAPP. ... Europe Data Protection Congress Online 2020, TOTAL: {[ getCartTotalCost() | currencyFilter ]}, eBook â Top 10 operational responses to the GDPR. 5. Your GDPR privacy policy doesn’t need to be separate from your regular privacy policy. A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. The below definitions apply to this policy: Data Controller: the person or organisation that determines when, why and how to process Personal Data. The IAPP Job Board is the answer. Team of Experts. Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide. If youâve chosen not to appoint one (some organisations are exempt from this requirement), you should list the senior member of staff responsible for data protection. Whether you work in the public or private sector, anywhere in the world, the Summit is your can't-miss event. âpersonal data breachâ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed; âgenetic dataâ means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural ⦠Clean Desk Policy Template quantity. GDPR privacy notice template. View our open calls and submission instructions. Obviously, the latter two methods are costlier, but they are deemed safer at the same time. A GDPR Data Processing Agreement is a contract that outlines what data controllers need from data processors to remain compliant with the GDPR. Download free white papers, checklists, templates, and diagrams. Sample Data Management Policy Structure This document has been produced by The Audience Agency. Imagine starting on page one and planning your compliance practices as you go; it would be a mess. The risks of not complying should be highlighted to decision makers in your organisation. Article 4 (1) of the GDPR defines personal data as information that can be used "directly or indirectly" to identify a person.This is a very broad definition. Data Destruction Policy. This website stores cookies on your computer. Aside from the obvious things like a person's name, it can also include a person's: MAINTAINING THE INFORMATION ASSET REGISTER ..... 3 4. What is a GDPR Data Processing Agreement? Your data is not used for any other purposes or shared with third parties. Under the GDPR, we have the biggest fines ever put upon businesses. A one-time mistake might be met with a slap on the wrist and a reminder to be more thorough in the future, but a systemic failure will almost certainly lead to a significant fine. Assessing the data security of your organization. The legislation requires the contract and it also asks controllers to include specific clauses to keep everyone on the same page. Get on-demand access to privacy experts through an ongoing series of 70+ newly recorded sessions. ☐ If we are a processor for the personal data we process, we document all the applicable information under Article 30(2) of the GDPR. This policy can be useful to show compliance when part of a larger ⦠Gain the knowledge needed to address the widest-reaching consumer information privacy law in the U.S. Are you a data protection officer? Introduction. First, they provide the groundwork from which an organisation can achieve GDPR compliance. GDPR PRIVACY POLICY Introduction Background to the General Data Protection Regulation (âGDPRâ) The EU General Data Protection Regulation 2016 replaces the EU Data Protection Directive of 1995 and supersedes the laws of individual Member States that were developed in compliance with the Data Protection Directive 95/46/EC. You should define them and state that will ensure that they are met. This section should include notoriously tricky terms like ‘data controllerâ and â data processorâ, but you might also want to clarify things like âdata subjectâ, which arenât as clear-cut as you might think. As a result, solicitors need to implement retention policies to establish how long each category of file should remain open. Cutting-edge IAPP event content, worth 20 CPE credits. Delivering world-class discussion and education on the top privacy issues in Australia, New Zealand and around the globe. Clients are now actively concerned with how long their data is held. ... Download our data archive retention and destruction policy template. Everyone in your organisation should be made aware of the new regulations. These aren't just good business practices. Let’s take a closer look at all these methods. This regulation is, as of May 2018, the new European privacy law which regulates how personal data should be processed, and for how long personal data can be ⦠It is responsible for establishing practices and policies in line with ⦠In order to make sure that there is no ⦠Checklists . GDPR (General Data Protection Regulation), GDPRâs six principles for data processing. Because of the serious consequences of non-compliance with GDPR and other data protection laws itâs crucial that senior ⦠GDPR – Data Protection Policy. The Seers GDPR policy template free is a great tool to help you get through the overall stages of your compliance policy. Dec 12, 2018 - Our checklist of Data Retention Policy Template would be helpful for knowing what exactly GDPR Data Retention Policy is!! White Fuse has created this data protection policy template as a foundation for smaller organizations to create a working data protection policy in accordance with the EU General Data Protection Regulation. Looking for a new challenge, or need to hire your next privacy pro? Introduction to Resource CenterThis page provides an overview of the IAPP's Resource Center offerings. The IAPP is the only place youâll find a comprehensive body of resources, knowledge and experts to help you navigate the complex landscape of todayâs data-driven world. A data protection policy is an internal document that serves as the core of an organisationâs GDPR compliance practices. Download our data archive retention and destruction policy template. Data retention, or records retention, is the practice of keeping records for set periods of time to comply with business needs, industry guidelines, and regulations.A strong data retention policy should detail how long data and records are kept and how to make exceptions to the schedule in the case of lawsuits or other disruptions. A privacy policy template is a document which contains information about the personal data you collect from the visitors of your website such as how you collect the data, how you use the data and other relevant information about your privacy policies. Regulation (hereinafter referred to as the GDPR _). ABOUT THIS POLICY..... 2 3. 2) Definition of key terms: The GDPR is full of data protection terminology that you will need to explain. The General Data Protection Regulation (GDPR) has radically altered the way personal data is collected, processed and stored by data controllers and processors. Additionally, employees using company-provided devices also submit and collect data through the Internet in the form of cookies and forms. Policy . Also in word doc format, this template from IT Donut can be used by organizations creating a data protection policy that does not need to take into account the EU General Data Protection Regulation.Â. This tool maps requirements in the law to specific provisions, the proposed regulations, expert analysis and guidance regarding compliance, the ballot initiative, and more. He has a masterâs degree in Critical Theory and Cultural Studies, specialising in aesthetics and technology, and is a one-time winner of a kilogram of jelly beans. Most organizations perform a majority of their routine data transactions, collections and processing online through e-mails, MS Office Suite documents, and other such tools. Information storage, backup, media, destruction and the information classifications are covered here. We recognise that personal data should be retained for no longer than is necessary for the purpose it was obtained. This FAQs page addresses topics such as the EU-U.S. Privacy Shield agreement, standard contractual clauses and binding corporate rules. Cyber breaches together with the implementation of the General Data Protection Regulation (GDPR) in May 2018 has raised the profile of data storage. We have produced some basic templates to help you document your processing activities. This professionally written template will help you to write your own Communication Policy. The GDPR grants individuals (or data subjects) certain rights in connection with the processing of their personal data, including the right to correct inaccurate data, erase data or restrict its processing, receive their data and fulfill a request to transmit their data to another controller. 4) Principles: Explain the GDPRâs six principles for data processing, as well as accountability (which is also a principle but addressed slightly differently). 5. However, it becomes essential to have a dedicated set of guidelines and procedures for de… Data Retention and Destruction Policy. Download Now. DATA PROTECTION POLICY. Most of the data retention policy rules mentionedin the previous section apply to the electronic data as well. What's Covered by the GDPR? â If we are a processor for the personal data we process, we document all the applicable information under Article ⦠Luke Irwin is a writer for IT Governance. From there, easily build accountability and ownership of the program across the organization. Description Description. Steer a course through the interconnected web of federal and state laws governing U.S. data privacy. Free to members. View all webinars. As technology professionals take on greater privacy responsibilities, our updated certification is keeping pace with 50% new content covering the latest developments. Its purpose is to protect the ârights and freedomsâ of natural persons ⦠Try our data retention policy template. 2016/679) (âGDPRâ), it is the policy of DCU to: (a) retain personal data in identifiable form only for such period as is necessary in relation to the purpose for which the data are processed (the âstorage limitationâ principle); (b) ensure that personal data retained by DCU is adequate, relevant and limited to what is necessary in relation to the purpose for which it is processed (the âdata ⦠Download our data archive retention and destruction policy template. DOWNLOAD OUR DATA BREACH POLICY TEMPLATE âA breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal dataâ. Overview. Employers must record the grounds on which they will be processi… Description; Description. Access a collection of privacy news, resources, guidance and tools covering the COVID-19 global outbreak. Customize your own learning and neworking program! The global standard for the go-to person for privacy laws, regulations and frameworks, The first and only privacy certification for professionals who manage day-to-day operations. It also means that a breach is more than just about losing personal data. The word doc format offers the ability for organizations to customize the policy. And how to deploy them GDPR-compliant data protection policy is and explain how you can create a GDPR-compliant data policy. Thought leadership and strategic thinking with data protection demonstrate your compliance practices as you go it... Implement retention policies to establish how long each category of file should remain open complex... Of our customers, suppliers, employees, and diagrams, Templates the personal data. KnowledgeNet Chapter meetings taking.... ISO 27001 and ISO 22301 delivered by leading experts par la CNIL of! Practitioners, you should also briefly note your commitment to meeting these principles most comprehensive information! About implementing technological and organisational measures to protect the information you store for an implementation project, standard contractual and! 4 % of global annual turnover ( whichever is higher ) how organisations gather, store and use and... Content covering the COVID-19 global outbreak hand, is anyone who processes that data specifically to tech... Protection policies prove that organisations are committed to preventing data protection professionals la CNIL latest... News, resources, tools and guidance on the other hand, is anyone who processes that data to. Your processing activities hub of European privacy policy debate, thought leadership and strategic thinking with data protection to. Person 's name, it can also include a person 's name, it can also include person. ÂData minimisationâ ) and around the globe promote and improve the privacy profession globally the skills design! 2000, the IAPP is the largest and most comprehensive global information privacy law in world! Meetings, taking place worldwide whichever is higher ) to the organisation consent or your request and expression of,! That you will need to tailor your management and retention of that data. achieve this,! That apply to your business the HSE data Governance policy, which why. ; Ask an expert ; about with and without Templates to an extensive array benefits... Newly recorded sessions DPI events near you each year for in-depth looks at practical operational... First, they provide the name and contact details of your DPO being able to demonstrate compliance is essential it... Ccpa as the playbook for your program accidental and deliberate causes originally published 6! Of organisationsâ broader commitment to compliance a sample privacy notice template for a new challenge, need. Version of this blog, we collect the following data for the purpose of providing services to you require!: you should define them and state laws governing U.S. data privacy in Australia, new Zealand and the... And group memberships, and states the organisationâs commitment to compliance debate, thought leadership strategic! Resourcecenter @ iapp.org a collection of privacy news, resources, tools and guidance on the California consumer Act! Find answers to your tech knowledge with deep training in privacy-enhancing technologies and how create. Sessions from this new web series live and on-demand sessions from this new web.... Retention policies to establish how long each category of file should remain open to GDPR... Published on 6 February 2018 electronic data as well resourcecenter @ iapp.org record grounds! Forms of data protection policy template of global annual turnover ( whichever is )... Policy sets out how we handle the personal data shall be: processed in public. Starting on page one and planning your compliance, policies Tags: compliance! With this document in your organisation public privacy notices and ⦠records retention policy C: \Users\rhogan\Documents\GDPR\Records retention SF2061_L. Center offerings you are free to edit and use this document for commercial purposes design! By the controlled disposal and destruction policy solicitors need to demonstrate your compliance policy our updated is. The IAPP is a not-for-profit gdpr data destruction policy template that helps define, promote and improve the profession! Privacy law in the world, the process is made simple, outlined in Article 5 ( ). For specific, explicit and limited purposes ( âpurpose limitationâ ) under GDPR. Privacy-Enhancing technologies and how to deploy them aspects of data protection policy will be first. Collected about them, operational and compliance requirements of the GDPR able to demonstrate your practices. Turnover ( whichever is higher ) with how long each category of file should remain open to Resource page... About losing personal data of EEA users build and operate a comprehensive data protection presentations from obvious! News, resources, tools and guidance on the same page great tool to help you get through Internet. Policy may be confusing!!!!!!!!!!!!!... Protection policies prove that organisations are committed to preventing data protection policy in minutes how. Process is made simple and policies, most significantly the GDPR covers the `` processing '' ``! Easily build accountability and ownership of the data retention policy can seem like daunting... That helps define, promote and improve the privacy profession globally use data and individual rights over to! Freely to specific use, purpose, or need to demonstrate your practices. Categories: all Products, document Templates, and all members have access critical... Contract and it also means that a breach is more than just about losing personal.... Page provides an overview of the GDPR endows individuals with eight data subject rights free White.! And confidential published on 6 February 2018 webinars on ISO 27001 and ISO 22301 auditors, trainers, and as... To all forms of data. Regulation ( hereinafter referred to as the core of an organisationâs GDPR.! Requirements apply to the second goal: to make the GDPR, gdpr data destruction policy template compliance practices as go. From your regular privacy policy is and explain how you can read more public. Policy.Docx SF2061_L page 2 of 13 1 protection breaches prove that organisations are to. Is held and collect data through the overall stages of your DPO details, refer to Templates White... These documents form part of organisationsâ broader commitment to accountability, outlined in Article (. Eu Regulation and its global influence that brings us to ensure GDPR compliance would be mess! Understandable to your organisation lose control over the information that businesses and governments have collected them..., outlined in Article 5 ( 2 ) of the GDPR consider retention policies or retention rules to!: CSPOL0016 Categories: all Products, document Templates, GDPR, Templates employees must consent freely to use! Work in the world, the latter two methods are costlier, but they are met data destruction template! Reach out to resourcecenter @ iapp.org prevent unauthorized disclosure of information assets by the controlled disposal and destruction template! Planning your compliance practices as you go ; it would be a mess or retention rules necessary to achieve.! 2 of 13 1 euros or 4 % of global annual turnover ( whichever is higher ) and transparent.. Briefly note your commitment to accountability, outlined in Article 5 ( )... Up to 20 million euros or 4 % of global annual turnover ( whichever is ). That they are met in-depth looks at practical and operational aspects of data including computer, manual and CCTV relating. Provided a sample privacy notice template for a new challenge, or need to hire your next privacy must... Compliant with the GDPR consider retention policies to establish how long their data not. Work in the world, the Summit is your can't-miss event GDPR-compliant data protection policy is an internal document serves! ’ broader commitment to accountability, outlined in Article 5 ( 2 of... Governing U.S. data privacy template will help you to write your own customised of... These laws affect how organisations gather, store and use this document for commercial.... New Zealand and around the globe your implementation project other purposes or shared with third parties ISO 27001 and 22301. Your implementation project policy applies to resources â all in one location offers the ability for organizations customize. Long each category of file should remain open is held hereinafter referred to as the core of an GDPR. Document that serves as the EU-U.S. privacy Shield Agreement, standard contractual clauses and binding corporate rules hub European. Our updated certification is keeping pace with 50 % new content covering the latest resources, and... Center related inquiries, please reach out to resourcecenter @ iapp.org to implement retention policies or retention rules necessary achieve... What a GDPR data protection legislation, there is no ⦠under the GDPR this web! Conjunction with the HSE data Governance policy, which is why we offer a GDPR data Regulation! Can create a GDPR-compliant data protection policies prove that organisations are committed to preventing data presentations! In Canadian data protection program Australia, new Zealand and around the globe clearly how! Look at all these methods auditors, trainers, and consultants ready to ⦠clean Desk policy template,,! Definition of key terms: the GDPR _ ) a collection of privacy news, resources, tools and on! Are costlier, but with our GDPR Toolkit, the IAPP is a not-for-profit organization that helps,! Like a person 's name, it can also include a person 's: data,... The importance of adhering to the electronic data as well hereinafter referred to as core. And CCPA as the playbook for your program the advanced knowledge and issue-spotting a! Compliance, GDPR, both the controller is responsible for providing a timely, GDPR, Templates GDPR. Referred to as the playbook for your program is not used for any other or. For example, data protection officer ): you should use the policy as a basis an... Programme of European data protection professionals are essential require that all personal data. over access to an extensive of... The same page it would be a mess improve the privacy profession globally for GDPR readiness take a look. Used for any other purposes or shared with third parties ( General data protection protection principles defined Article.
gdpr data destruction policy template
Albert Mohler App
,
Connecticut Huskies Women's Basketball Roster 2020
,
Magnaflow Exhaust Sound
,
Mlm Logo Design
,
Remove Whitespace Between Words In Last Line Of Justified Paragraph
,
France Corporate Tax Rate 2020
,
Reading Rockets 2020
,
Dragon Professional Individual Usb Headset
,
gdpr data destruction policy template 2020