Access guidance on legal changes

Welcome to the section on changes to legislation. Below you will find materials and resources to help you navigate this aspect of the GDPR.

You may like to start with the videos, which set out what the GDPR is and how it changes data protection in your organisation. You can use the resources to get to grips with the GDPR requirements. 

Where you download templates, please note that you may have to adapt aspects of the templates further to ensure it is a good fit for your organisation. 



Data protection governance framework - guidance for HR

This guidance outlines recommendations and best practices for creating a data protection governance framework within an organisation

Data transfers derogations guidance - HR

This guidance outlines pre-Brexit recommendations and best practices for data transfers.

Expert Answers: Data Protection Officers

In what circumstances should you employ a DPO, and what does their role entail?

Expert Answers: GDPR and Brexit

Brexit and GDPR: do we still need to comply when we leave the EU?

Expert Answers: How does the GDPR affect international data transfers?

How do the rules around international data transfers change under GDPR?

GDPR - legislation update

Stay up to date with the wider legal landscape regarding data protection and safety.

GDPR and Brexit – No Deal vs Withdrawal Agreement impact on organisations

The full impact of Brexit on data protection in the UK depends on whether a deal is agreed, or whether the UK leaves with no deal. However, both scenarios will change data processing within your organisation.

GDPR Awareness: Secure data in healthcare settings

The Information Commissioner's Office states: ''Special category data is personal data which the GDPR says is more sensitive, and so needs more protection.' So what does this mean for organisations that provide healthcare?

GDPR Awareness: what is the GDPR and what does it change?

In this staff training video, Ivana Bartoletti, Head of Data Protection and Privacy at Gemserv, sets out what organisations can expect from the GDPR and how to best start preparing for this data evolution.

GDPR Awareness: where to start - record of processing activities

In this staff training video, Ivana Bartoletti, Head of Data Protection and Privacy at Gemserv, explains how to start preparing your organisation and staff for GDPR compliance.

GDPR myth busting - guidance (handout)

This download looks at the most common myths and questions regarding the GDPR, and provides clear and practical explanations.

GDPR-compliant consent - guidance

Download this guidance for answers to questions such as 'when do I need consent?'

Individual rights policy template

Data subjects have stronger rights under the GDPR - are you meeting them all?

Legitimate interest assessment - guidance for HR

This document provides key information about legitimate interest assessments, including the process to follow and what needs to be captured, and has practical advice to ensure that staff are prepared to meet the GDPR requirements.

Legitimate interest assessment - template for HR

This template looks at records processed, their legitimate interest, the necessity, and the balancing test and includes one example to help you get started.

Logging and reporting incidents internally - template

This template for logging and reporting incidents internally is also included in 'incident management policy - template' tool, but you may prefer to keep the template and policy separate. ​​​​​​​

Special categories of data - overview

This download outlines what is included in the GDPR's 'special data' categories.

UK Data Protection Act 2018 - guidance for HR

This document provides key information about the UK Data Protection Act 2018, including the background to the UK Data Protection Act and the relevant derogations from the GDPR.