Train staff

Welcome to the section on staff training. Below you will find materials and resources to help you navigate this aspect of the GDPR.

You may like to start with the videos, which set out what the GDPR is and how it changes data protection in your organisation. You can also use the 'GDPR summary: key points for staff' as a starting point, as well as the 'GDPR mythbuster' document.

This section includes a number of policies. Depending on the level of data handling staff are involved in, you should make these available to staff to ensure they understand the data protection (and data incident management) processes in your organisation. 

There are two types of templates.

  • Downloadable templates - these allow you to download the model policy or template, and to adapt it to your organisation

  • Generate template online - these allow you to use the online wizard to fill in your organisation's details, and download the adapted template as a pdf. 

You may have to adapt aspects of the templates further to ensure it is a good fit for your organisation. If you choose to use the wizard option, please read the policy thoroughly in advance to ensure it is fit for your organisation in its current form. 

 

 

Breach management plan - downloadable template

This breach management plan template looks at containment and recovery, assessment of ongoing risk, breach notifications, and evaluation and response

Data breach log - downloadable template

This data breach log is created to help your organisation keep track of all data breaches. You may like to use it with the below tools, or with similar tools your organisation already holds

Data controller or processor - guidance

This download sets out the differences between data controllers and data processors

Data retention policy template

This model policy template provides a framework for managing the records of your company.

Engaging with suppliers - guidance

This guidance explains the relationship between controller and processors, and how to crystallise it in contractual arrangements.

Expert Answers: Data Protection Officers

In what circumstances should you employ a DPO, and what does their role entail?

Expert Answers: GDPR and Brexit

Brexit and GDPR: do we still need to comply when we leave the EU?

Expert Answers: How does the GDPR affect international data transfers?

How do the rules around international data transfers change under GDPR?

Expert Answers: How does the GDPR impact on marketing?

Are you unsure how the GDPR will impact marketing in your organisation?

Expert Answers: Purchasing third party data

Are you unsure what to consider when purchasing third party data for marketing purposes?

Expert Answers: Seeking consent on third party data

Under the GDPR, should you seek consent again when you're using third party data?

GDPR Awareness: Secure data in healthcare settings

The Information Commissioner's Office states: ''Special category data is personal data which the GDPR says is more sensitive, and so needs more protection.' So what does this mean for organisations that provide healthcare?

GDPR Awareness: Suppliers, controller and processors

Do you have questions about GDPR-compliant controller-processor partnerships?

GDPR Awareness: what is the GDPR and what does it change?

In this staff training video, Ivana Bartoletti, Head of Data Protection and Privacy at Gemserv, sets out what organisations can expect from the GDPR and how to best start preparing for this data evolution.

GDPR Awareness: where to start - record of processing activities

In this staff training video, Ivana Bartoletti, Head of Data Protection and Privacy at Gemserv, explains how to start preparing your organisation and staff for GDPR compliance.

GDPR data protection policy - downloadable template

This is a data protection model policy template created by our expert content partners.

GDPR data protection policy - generate template online

This is a data protection model policy template created by our expert content partners - you can use the online wizard to adapt the template online

GDPR myth busting - guidance (handout)

This download looks at the most common myths and questions regarding the GDPR, and provides clear and practical explanations.

GDPR summary: The key points for directors

This document highlights the main changes introduced by the GPDR and can be used as a simple handout to inform members of directors or the board.

GDPR summary: The key points for staff

This document highlights the main changes introduced by the GPDR and can be used as a simple handout to inform members of staff.

GDPR-compliant consent - guidance

Download this guidance for answers to questions such as 'when do I need consent?'

ICO incident report - template

This ICO incident report template is also included in 'incident management policy - template' tool, but you may prefer to keep the incident report and policy separate.

Incident management - model flow diagram

This download looks at the steps an organisation must take upon detecting a data breach.

Incident management policy - downloadable template

This is an incident management model policy template created by our expert content partners. It covers a variety of topics, including a policy statement, objective and general definitions. It also includes a number of documents which are available as separate downloads

Incident management policy - generate template online

This incident management policy template can be used as part of your organisation's compliance efforts. You can use the online wizard to adapt and generate the policy online

Incident severity assessment - template

This download focuses on crucial factors regarding incident severity, including the number of individual data subjects  affected and the potential for significant distress or damage to the customer

Individual rights policy template

Data subjects have stronger rights under the GDPR - are you meeting them all?

Logging and reporting incidents internally - template

This template for logging and reporting incidents internally is also included in 'incident management policy - template' tool, but you may prefer to keep the template and policy separate. ​​​​​​​

Special categories of data - overview

This download outlines what is included in the GDPR's 'special data' categories.