Drata

This test is part of the <b>Data Protection Policy </b>control that ensures your company has established a Data Protection Policy and requires all employees to accept it upon hire. This control also verifies that Management monitors employees' acceptance of this policy.

If Drata finds that a Data Protection policy either does not exist or if the renewal date on the policy has passed, the test will fail.

To remediate a failed test, you will need to either upload or build a Data Protection policy within Drata, set a renewal date that aligns with your compliance program goals, and notify the owner to click 'Approve Policy' as soon as possible.

Add a 'Data Protection Policy' and ensure that the newly added policy has been approved

Set a policy renewal date that aligns with your compliance program goals. Many frameworks require that policies are reviewed/approved annually

1. Navigate to the Policy Center page
2. Add a 'Data Protection Policy' and ensure that the newly added policy has been approved
3. Set a policy renewal date that aligns with your compliance program goals. Many frameworks require that policies are reviewed/approved annually

<a href="https://help.drata.com/en/articles/4826936-policy-builder">Building Policies Within Drata</a>

<a href="https://www.privacypolicies.com/blog/gdpr-data-protection-policy/" rel="nofollow noopener noreferrer" target="_blank">How to build a Data Protection Policy</a>

- <a href="https://help.drata.com/en/articles/4826936-policy-builder">Building Policies Within Drata</a>
- <a href="https://www.privacypolicies.com/blog/gdpr-data-protection-policy/" rel="nofollow noopener noreferrer" target="_blank">How to build a Data Protection Policy</a>

Drata inspects your company records to determine if a Data Protection Policy is in place and is before the policy renewal date.