See data processing and data audits tool

Welcome to the section on data processing and data audits. Below you will find materials and resources to help you navigate this aspect of the GDPR.

You may like to start with the video looking at supplier, controller and processor partnerships. Implement the data protection impact assessment tools to understand whether your organisation should conduct a data audit, and use the various templates, workflows and guidance documents to get to grips with the GDPR requirements. 

There are two types of templates.

  • Downloadable templates - these allow you to download the model policy or template, and to adapt it to your organisation

  • Generate template online - these allow you to use the online wizard to fill in your organisation's details, and download the adapted template as a pdf. 

You may have to adapt aspects of the templates further to ensure it is a good fit for your organisation. If you choose to use the wizard option, please read the policy thoroughly in advance to ensure it is fit for your organisation in its current form. 

 

 

Breach management plan - downloadable template

This breach management plan template looks at containment and recovery, assessment of ongoing risk, breach notifications, and evaluation and response

Data controller or processor - guidance

This download sets out the differences between data controllers and data processors

Data privacy impact assessment - downloadable template

This is a template for a data protection impact assessment (DPIA). You may like to use it in conjunction with the 'data protection impact assessment - guidance' tool.

Data privacy impact assessment - guidance

This document provides key information about data protection impact assessments, such as the process to follow and what data to capture

Data retention policy template

This model policy template provides a framework for managing the records of your company.

Employee privacy policy template

Do you have an employee privacy notice in place?

Engaging with suppliers - guidance

This guidance explains the relationship between controller and processors, and how to crystallise it in contractual arrangements.

GDPR Awareness: Suppliers, controller and processors

Do you have questions about GDPR-compliant controller-processor partnerships?

GDPR Awareness: what is the GDPR and what does it change?

In this staff training video, Ivana Bartoletti, Head of Data Protection and Privacy at Gemserv, sets out what organisations can expect from the GDPR and how to best start preparing for this data evolution.

GDPR Awareness: where to start - record of processing activities

In this staff training video, Ivana Bartoletti, Head of Data Protection and Privacy at Gemserv, explains how to start preparing your organisation and staff for GDPR compliance.

GDPR data protection policy - downloadable template

This is a data protection model policy template created by our expert content partners.

GDPR data protection policy - generate template online

This is a data protection model policy template created by our expert content partners - you can use the online wizard to adapt the template online

GDPR summary: The key points for directors

This document highlights the main changes introduced by the GPDR and can be used as a simple handout to inform members of directors or the board.

GDPR summary: The key points for staff

This document highlights the main changes introduced by the GPDR and can be used as a simple handout to inform members of staff.

Marketing under the GDPR - guidance

This is an overview of how the GDPR impacts on marketing activities. It includes practical advice on GDPR and PECR, and answers questions including 'what is required when collecting consent?'

Model data disposal schedule

Do you know when to dispose various types of data?

Record of activities - template

Keep a record of all your data activities, including the type of data, reason for holding the data, and the storage place of the data (where data is held).

Risk register - template

This downloadable template can be used with the 'Record of activities - template' tool to create an oversight of the data collected, processed and held by your organisation, and the inherent risks.

Template Subject Access Request acknowledgement letter

How should you respond to a SAR? This template letter can be adapted to the needs of your organisation.