A statement that sets outs the rules and principles that an organisation will follow when collecting, processing, and storing personal data and customer information, in order to ensure ongoing compliance with data protection laws.