Welcome to the section on GDPR compliance for marketing and HR. Below you will find materials and resources to help you navigate this aspect of the GDPR.
You may like to start with the videos, which look at the way GDPR impacts on marketing, including the purchasing and use of third party data. You may also be interested in the video looking at supplier, controller and processor partnerships, as well as the video on general GDPR awareness which considers how the changes affect HR.
You can use the various templates, workflows and guidance documents to get to grips with the GDPR requirements.
There are two types of templates.
Downloadable templates - these allow you to download the model policy or template, and to adapt it to your organisation
Generate template online - these allow you to use the online wizard to fill in your organisation's details, and download the adapted template as a pdf.
You may have to adapt aspects of the templates further to ensure it is a good fit for your organisation. If you choose to use the wizard option, please read the policy thoroughly in advance to ensure it is fit for your organisation in its current form.
This breach management plan template looks at containment and recovery, assessment of ongoing risk, breach notifications, and evaluation and response
This template, which you can generate online, focuses on containment and recovery, assessment of ongoing risk, breach notifications and evaluation and response
This data breach log is created to help your organisation keep track of all data breaches. You may like to use it with the below tools, or with similar tools your organisation already holds
This data breach log template can be used as part of your organisation's compliance efforts. Use the online wizard to fill in your organisation details, and download the adapted template as a pdf.
Under a data classification policy, information is to be classified according to its business and personal sensitivity, i.e. the potential harm to the organisation or an individual if the information were to be compromised in any way. This guidance outlines recommendations for implementing a data classification policy.
This download sets out the differences between data controllers and data processors
This document provides answers to frequently asked questions regarding digital advertising online, including marketing on websites and social media platforms.
This guidance outlines recommendations and best practices for performing digital advertising and digital marketing.
Do you have an employee privacy notice in place?
This guidance explains the relationship between controller and processors, and how to crystallise it in contractual arrangements.
Brexit and GDPR: do we still need to comply when we leave the EU?
How do the rules around international data transfers change under GDPR?
Are you unsure how the GDPR will impact marketing in your organisation?
Are you unsure what to consider when purchasing third party data for marketing purposes?
Under the GDPR, should you seek consent again when you're using third party data?
Do you have questions about GDPR-compliant controller-processor partnerships?
In this staff training video, Ivana Bartoletti, Head of Data Protection and Privacy at Gemserv, sets out what organisations can expect from the GDPR and how to best start preparing for this data evolution.
In this staff training video, Ivana Bartoletti, Head of Data Protection and Privacy at Gemserv, explains how to start preparing your organisation and staff for GDPR compliance.
This is a data protection model policy template created by our expert content partners.
This is a data protection model policy template created by our expert content partners - you can use the online wizard to adapt the template online
Download this guidance for answers to questions such as 'when do I need consent?'
This ICO incident report template is also included in 'incident management policy - template' tool, but you may prefer to keep the incident report and policy separate.
This download looks at the steps an organisation must take upon detecting a data breach.
This is an incident management model policy template created by our expert content partners. It covers a variety of topics, including a policy statement, objective and general definitions. It also includes a number of documents which are available as separate downloads
This incident management policy template can be used as part of your organisation's compliance efforts. You can use the online wizard to adapt and generate the policy online
This download focuses on crucial factors regarding incident severity, including the number of individual data subjects affected and the potential for significant distress or damage to the customer
Data subjects have stronger rights under the GDPR - are you meeting them all?
This template for logging and reporting incidents internally is also included in 'incident management policy - template' tool, but you may prefer to keep the template and policy separate.
This is an overview of how the GDPR impacts on marketing activities. It includes practical advice on GDPR and PECR, and answers questions including 'what is required when collecting consent?'
Unsure about what to include in your privacy notices?
This example tool will help clarify what a privacy notice can look like and what it should include.
This download outlines what is included in the GDPR's 'special data' categories.