GDPR Toolkit for Public Sector DPOs
What’s in your GDPR Toolkit?
Full of useful, practical steps. Delivered online. Easy-to-follow.
10 Step Guide
An easy-to-follow 10-step guide to implement GDPR
Self-Assessment
Answer the questions to understand your current state
Data Inventory
Create an inventory of existing Data Processing Activities
Gap Analysis
Identify your existing gaps to GDPR compliance
Risk Assessment
Define each risk as Low, Medium or High and quantify the effort required to fix it
Action Plan
Use the template to allocate tasks to business owners
Policies
Sample templates for you to adapt to your Privacy Policies
Procedures
Sample templates for you to use internally
Forms
Forms for types of Subject Access Requests
Breach Reporting
Forms for dealing with Data Breaches
DPIA
A template to help you complete a Data Protection Impact Assessment
Compliance Score
After you’ve completed the steps, get your GDPR Compliance Score
Policy Templates included in your GDPR Toolkit
All the mandatory policies you need to be compliant
Personal Data Protection Policy
The purpose of this policy is to set out the arrangements that apply to the management of data protection and to affirm our commitment to protect the privacy rights of individuals in accordance with GDPR.
Privacy Notice
The EU General Data Protection Regulation (GDPR) includes rules on giving privacy information to data subjects in Articles 12, 13 and 14. This example Privacy Notice can be adapted to your organisation.
Data Retention Policy
A data retention policy is an organisation’s established protocol for retaining information for operational or regulatory compliance needs.
Data Subject Consent Form
This document is used to obtain consent from data subjects for processing personal data for a specific purpose.
Parental Consent Form
This policy should be used to obtain consent from the parent / legal guardian / representative of a minor to process personal data for a specific purpose.
Supplier Data Processing Agreement
This template can be used to establish the limits and conditions under which a supplier (processor) can process personal data on behalf of a company (controller).
Employee Personal Data Protection Policy
This Policy should set out the principles you will follow in relation to personal data you hold about your employees.
Employee Privacy Notice
As an employer, you will be required to provide employees with a privacy notice. This example Employee Privacy Notice can be adapted to your organisation.
Data Retention Schedule
This Schedule defines the retention period of each type of data, according to the rules set in your Data Retention Policy.
Data Subject Consent Withdrawal Form
This is a form used by the data subjects to withdraw their consent for processing personal data.
Parental Consent Withdrawal Form
This policy is to enable the parent / legal guardian / representative of a minor to withdraw consent for processing personal data for a specific purpose.
Breach Reporting Procedure
An example form that your organisation can adapt to its needs, if required. It will help employees report suspected breaches and ensure you have a record of the breach from the start.