A Data Protection Policy (or SOP) is a work instruction that sets out responsibilities and processes to ensure compliance with the GDPR in your company and informs your employees about data protection requirements. It covers much more than just data security.
In my opinion, a Data Protection Policy is the most important and often neglected data protection instrument in medium and large-sized companies.
By the way, drafting a Data Protection Policy is not the task of the data protection officer (DPO). DPOs advise and control the company. The DPO therefore has to inform the company about missing policies or review existing ones, but does not have to design or even implement them.
You can find here my free template of a Data Protection Policy including instructions for implementation, a checklist and overview in German language ("DSGVO Sinfonie" package). For English a language version and advice, please contact me.
Whitepapers, Templates and Checklists
Implement Data Protection Effectively and Professional