DOWNLOADABLE List of Documents in the Toolkit

Page 1

GDPR

Toolkit Version 8

0 CERTIKIT GDPR Toolkit Guidance

None CERTIKIT Toolkit Completion Instructions

None CERTIKIT - GDPR Implementation Guide

None CERTIKIT GDPR Toolkit Index

None CERTIKIT GDPR Toolkit Version 8 Release Notes

None CERTIKIT - Standard Licence Terms

None EU General Data Protection Regulation 2016

1 GDPR Preparation Project

GDPR-DOC-01-1 GDPR Compliance Project Initiation Document

GDPR-DOC-01-2 GDPR Preparation Project Plan

GDPR-DOC-01-3 GDPR Preparation Project Plan (Excel)

GDPR-DOC-01-4 GDPR Documentation Log

GDPR-DOC-01-5 GDPR Briefing Presentation

GDPR-DOC-01-6 Executive Support Letter

GDPR-FORM-01-1 Compliance Evidence

GDPR-FORM-01-2 Meeting Minutes

GDPR-FORM-01-3 GDPR Gap Assessment Tool

2 GDPR Roles Awareness and Training

GDPR-DOC-02-1 GDPR Roles and Responsibilities

GDPR-DOC-02-2 GDPR Competence Development Procedure

GDPR-DOC-02-3 GDPR Communication Programme

GDPR-DOC-02-4 Information Security Awareness Training

GDPR-DOC-02-5 GDPR Awareness Training Presentation

GDPR-FORM-02-1 GDPR Competence Development Questionnaire

None EXAMPLE GDPR Competence Development Questionnaire

None GDPR Awareness Poster (for data subjects)

None GDPR Awareness Poster (for employees)

3 Personal Data Analysis

GDPR-DOC-03-1 Personal Data Analysis Procedure

GDPR-DOC-03-2 Legitimate Interest Assessment Procedure

GDPR-FORM-03-1 Records of Processing Activities

GDPR-FORM-03-2 Personal Data Analysis Form

GDPR-FORM-03-3 Personal Data Analysis Diagram - VISIO

GDPR-FORM-03-4 Personal Data - Initial Questionnaire

GDPR-FORM-03-5 Legitimate Interest Assessment Form

None EXAMPLE Legitimate Interest Assessment Form

None EXAMPLE Personal Data Analysis Diagram - VISIO

None EXAMPLE Personal Data Analysis Form

None EXAMPLE Personal Data - Initial Questionnaire

4 Privacy Policy and Notices

GDPR-DOC-04-1 Records Retention and Protection Policy

GDPR-DOC-04-2 Data Protection Policy

GDPR-DOC-04-3 Privacy Notice Procedure

GDPR-DOC-04-4 Website Privacy Policy

GDPR-DOC-04-5 CCTV Policy

GDPR-DOC-04-6 Data Masking Policy

GDPR-DOC-04-7 Data Masking Process

GDPR-DOC-04-8 Information Deletion Policy

GDPR-FORM-04-1 Privacy Notice Planning Form - Data Subject

GDPR-FORM-04-2 Consent Request Form

GDPR-FORM-04-3 Privacy Notice Planning Form - Other Source

None EXAMPLE Privacy Notice - CCTV

None EXAMPLE Consent Request Form

None EXAMPLE Privacy Notice - Employment

None EXAMPLE Privacy Notice - Newsletter Signup

None EXAMPLE Privacy Notice - Online Purchase

None EXAMPLE Privacy Notice Planning Form - Data Subject

None EXAMPLE Privacy Notice Planning Form - Other Source

None EXAMPLE Privacy Notice - Website Enquiry

None EXAMPLE Website Privacy Policy

5

GDPR-DOC-05-1 Data Subject Request Procedure

GDPR-DOC-05-2 Data Subject Request Register

GDPR-FORM-05-1 Data Subject Request Form

GDPR-FORM-05-2 Data Subject Request Rejection

GDPR-FORM-05-3 Data Subject Request Charge

GDPR-FORM-05-4 Data Subject Request Time Extension

AREA DOC REF DOCUMENT
Rights of the Data Subject
None EXAMPLE Data Subject Request Form Page 1 of 2

GDPR-DOC-06-1 GDPR Controller-Processor Agreement Policy

GDPR-DOC-06-2 Processor GDPR Assessment Procedure

GDPR-DOC-06-3 Processor Security Controls

GDPR-DOC-06-4 GDPR Compliance Statement

GDPR-DOC-06-5 GDPR Letter to Processors

GDPR-FORM-06-1 GDPR Contract Review Tool

GDPR-FORM-06-2 Processor GDPR Assessment

GDPR-FORM-06-3 Processor Employee Confidentiality Agreement

GDPR-FORM-06-4 GDPR Compliance Checklist

GDPR-FORM-06-5 Data Processing Agreement

GDPR-FORM-06-6 Sub-Processor Agreement

None EXAMPLE Processor GDPR Assessment

None EDPB Approved SCCs - Danish SA Jan 2020 7 Data Protection Impact Assessment

GDPR-DOC-07-1 Data Protection Impact Assessment Process

GDPR-DOC-07-2 Data Protection Impact Assessment Report

GDPR-FORM-07-1 Data Protection Impact Assessment Tool

GDPR-FORM-07-2 Data Protection Impact Assessment Questionnaire

None EXAMPLE Data Protection Impact Assessment

GDPR-DOC-08-1 Procedure for International Transfers of Personal Data

None EC Standard Contractual Clauses 4 June 2021

GDPR-DOC-09-1 Information Security Incident Response Procedure

GDPR-DOC-09-2 Personal Data Breach Notification Procedure

GDPR-DOC-09-3 Personal Data Breach Register

GDPR-DOC-09-4

GDPR-FORM-09-1

GDPR-FORM-09-2

None

None

GDPR-DOC-10-7 Network Security Policy

GDPR-DOC-10-8 Electronic Messaging Policy

GDPR-DOC-10-9 Cloud Computing Policy

GDPR-DOC-10-10 Acceptable Use Policy

GDPR-DOC-10-11 HR Security Policy

GDPR-DOC-10-12 Social Media Policy

GDPR-DOC-10-13 BYOD Policy

11 European Data Protection Board Guidelines None EDPB Guidelines on Data Portability 5 Apr 2017

None EDPB Guidelines on Data Protection Officers 5 Apr 2017

None EDPB Guidelines on Lead Supervisory Authority 5 Apr 2017

None EDPB Guidelines on DPIA 4 Oct 2017

None EDPB Guidelines on Breach Notification 6 Feb 2018

None EDPB Guidelines on Profiling 6 Feb 2018

None EDPB Guidelines on Transparency 11 Apr 2018

None EDPB Guidelines on Online Services 8 Oct 2019

None EDPB Guidelines on Territorial Scope 12 Nov 2019

None EDPB Guidelines on Consent 4 May 2020

None EDPB Guidelines on Contact Tracing for COVID-19 21 Apr 2020

None EDPB Guidelines on Contractual Lawful Basis 8 Oct 2019

None EDPB Guidelines on Data Protection by Design and by Default 20 Oct 2020

None EDPB Guidelines on Use of Video Devices 29 Jan 2020

None EDPB FAQs on the Schrems II Judgement 23 Jul 2020

None EDPB Guidelines on Concepts of Controller and Processor 7 Jul 2021

None EDPB Guidelines on Restrictions Under Article 23 13 Oct 2021

None EDPB Guidelines on Examples Regarding Personal Data Breach Notification 14 Dec 2021

None EDPB Guidelines on Interplay Between Article 3 and Chapter V 14 Feb 2023

None EDPB Guidelines on Certification as a Tool for Transfers 14 Feb 2023

None EDPB Guidelines on Personal Data Breach Notification 28 Mar 2023

None EDPB Guidelines on Data Subject Rights - Right of Access 28 Mar 2023

None EDPB Guidelines on Identifying a Lead Supervisory Authority 28 Mar 2023

6 Controllers and
Processors
8 International Transfers
9 Personal Data Breach Management
Incident Response Plan Data Breach
Personal Data Breach Notification Form
Breach Notification Letter to Data Subjects
EXAMPLE Breach Notification Letter to Data Subjects
EXAMPLE Personal Data Breach Notification Form 10 Information Security Policies
Information Security Policy
Mobile Device Policy
Access Control Policy
Cryptographic Policy
Physical Security Policy
Anti-Malware
GDPR-DOC-10-1
GDPR-DOC-10-2
GDPR-DOC-10-3
GDPR-DOC-10-4
GDPR-DOC-10-5
GDPR-DOC-10-6
Policy
Page 2 of 2

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.