Welcome to the section on changes to legislation. Below you will find materials and resources to help you navigate this aspect of the GDPR.
You may like to start with the videos, which set out what the GDPR is and how it changes data protection in your organisation. You can use the resources to get to grips with the GDPR requirements.
Where you download templates, please note that you may have to adapt aspects of the templates further to ensure it is a good fit for your organisation.
This guidance outlines recommendations and best practices for creating a data protection governance framework within an organisation
This guidance outlines pre-Brexit recommendations and best practices for data transfers.
In what circumstances should you employ a DPO, and what does their role entail?
Brexit and GDPR: do we still need to comply when we leave the EU?
How do the rules around international data transfers change under GDPR?
Stay up to date with the wider legal landscape regarding data protection and safety.
The full impact of Brexit on data protection in the UK depends on whether a deal is agreed, or whether the UK leaves with no deal. However, both scenarios will change data processing within your organisation.
The Information Commissioner's Office states: ''Special category data is personal data which the GDPR says is more sensitive, and so needs more protection.' So what does this mean for organisations that provide healthcare?
In this staff training video, Ivana Bartoletti, Head of Data Protection and Privacy at Gemserv, sets out what organisations can expect from the GDPR and how to best start preparing for this data evolution.
In this staff training video, Ivana Bartoletti, Head of Data Protection and Privacy at Gemserv, explains how to start preparing your organisation and staff for GDPR compliance.
This download looks at the most common myths and questions regarding the GDPR, and provides clear and practical explanations.
Download this guidance for answers to questions such as 'when do I need consent?'
Data subjects have stronger rights under the GDPR - are you meeting them all?
This document provides key information about legitimate interest assessments, including the process to follow and what needs to be captured, and has practical advice to ensure that staff are prepared to meet the GDPR requirements.
This template looks at records processed, their legitimate interest, the necessity, and the balancing test and includes one example to help you get started.
This template for logging and reporting incidents internally is also included in 'incident management policy - template' tool, but you may prefer to keep the template and policy separate.
This download outlines what is included in the GDPR's 'special data' categories.
This document provides key information about the UK Data Protection Act 2018, including the background to the UK Data Protection Act and the relevant derogations from the GDPR.