An Acceptable Use Policy includes guidelines and procedures explaining how you expect staff, volunteers or clients to behave when using your computers. It may link to legal issues, health and safety, staff discipline or financial management.

Managers and trustees must take data security seriously and must take appropriate steps to avoid sensitive data falling into the wrong hands. This includes client information, staff and volunteer details, financial information or confidential reports.
Have a written policy about using and storing passwords and include it in your induction information.
Store data in as few places [...]

Data protection is about protecting people, not data. People can be harmed if their data is misused or falls into the wrong hands, or if inaccurate or insufficient data is used to make decisions that affect them.
Before collecting, storing or using data for the first time always check you are complying with the Data Protection [...]