GDPR
Toolkit Version 8
0 CERTIKIT GDPR Toolkit Guidance
None CERTIKIT Toolkit Completion Instructions
None CERTIKIT - GDPR Implementation Guide
None CERTIKIT GDPR Toolkit Index
None CERTIKIT GDPR Toolkit Version 8 Release Notes
None CERTIKIT - Standard Licence Terms
None EU General Data Protection Regulation 2016
1 GDPR Preparation Project
GDPR-DOC-01-1 GDPR Compliance Project Initiation Document
GDPR-DOC-01-2 GDPR Preparation Project Plan
GDPR-DOC-01-3 GDPR Preparation Project Plan (Excel)
GDPR-DOC-01-4 GDPR Documentation Log
GDPR-DOC-01-5 GDPR Briefing Presentation
GDPR-DOC-01-6 Executive Support Letter
GDPR-FORM-01-1 Compliance Evidence
GDPR-FORM-01-2 Meeting Minutes
GDPR-FORM-01-3 GDPR Gap Assessment Tool
2 GDPR Roles Awareness and Training
GDPR-DOC-02-1 GDPR Roles and Responsibilities
GDPR-DOC-02-2 GDPR Competence Development Procedure
GDPR-DOC-02-3 GDPR Communication Programme
GDPR-DOC-02-4 Information Security Awareness Training
GDPR-DOC-02-5 GDPR Awareness Training Presentation
GDPR-FORM-02-1 GDPR Competence Development Questionnaire
None EXAMPLE GDPR Competence Development Questionnaire
None GDPR Awareness Poster (for data subjects)
None GDPR Awareness Poster (for employees)
3 Personal Data Analysis
GDPR-DOC-03-1 Personal Data Analysis Procedure
GDPR-DOC-03-2 Legitimate Interest Assessment Procedure
GDPR-FORM-03-1 Records of Processing Activities
GDPR-FORM-03-2 Personal Data Analysis Form
GDPR-FORM-03-3 Personal Data Analysis Diagram - VISIO
GDPR-FORM-03-4 Personal Data - Initial Questionnaire
GDPR-FORM-03-5 Legitimate Interest Assessment Form
None EXAMPLE Legitimate Interest Assessment Form
None EXAMPLE Personal Data Analysis Diagram - VISIO
None EXAMPLE Personal Data Analysis Form
None EXAMPLE Personal Data - Initial Questionnaire
4 Privacy Policy and Notices
GDPR-DOC-04-1 Records Retention and Protection Policy
GDPR-DOC-04-2 Data Protection Policy
GDPR-DOC-04-3 Privacy Notice Procedure
GDPR-DOC-04-4 Website Privacy Policy
GDPR-DOC-04-5 CCTV Policy
GDPR-DOC-04-6 Data Masking Policy
GDPR-DOC-04-7 Data Masking Process
GDPR-DOC-04-8 Information Deletion Policy
GDPR-FORM-04-1 Privacy Notice Planning Form - Data Subject
GDPR-FORM-04-2 Consent Request Form
GDPR-FORM-04-3 Privacy Notice Planning Form - Other Source
None EXAMPLE Privacy Notice - CCTV
None EXAMPLE Consent Request Form
None EXAMPLE Privacy Notice - Employment
None EXAMPLE Privacy Notice - Newsletter Signup
None EXAMPLE Privacy Notice - Online Purchase
None EXAMPLE Privacy Notice Planning Form - Data Subject
None EXAMPLE Privacy Notice Planning Form - Other Source
None EXAMPLE Privacy Notice - Website Enquiry
None EXAMPLE Website Privacy Policy
5
GDPR-DOC-05-1 Data Subject Request Procedure
GDPR-DOC-05-2 Data Subject Request Register
GDPR-FORM-05-1 Data Subject Request Form
GDPR-FORM-05-2 Data Subject Request Rejection
GDPR-FORM-05-3 Data Subject Request Charge
GDPR-FORM-05-4 Data Subject Request Time Extension
GDPR-DOC-06-1 GDPR Controller-Processor Agreement Policy
GDPR-DOC-06-2 Processor GDPR Assessment Procedure
GDPR-DOC-06-3 Processor Security Controls
GDPR-DOC-06-4 GDPR Compliance Statement
GDPR-DOC-06-5 GDPR Letter to Processors
GDPR-FORM-06-1 GDPR Contract Review Tool
GDPR-FORM-06-2 Processor GDPR Assessment
GDPR-FORM-06-3 Processor Employee Confidentiality Agreement
GDPR-FORM-06-4 GDPR Compliance Checklist
GDPR-FORM-06-5 Data Processing Agreement
GDPR-FORM-06-6 Sub-Processor Agreement
None EXAMPLE Processor GDPR Assessment
None EDPB Approved SCCs - Danish SA Jan 2020 7 Data Protection Impact Assessment
GDPR-DOC-07-1 Data Protection Impact Assessment Process
GDPR-DOC-07-2 Data Protection Impact Assessment Report
GDPR-FORM-07-1 Data Protection Impact Assessment Tool
GDPR-FORM-07-2 Data Protection Impact Assessment Questionnaire
None EXAMPLE Data Protection Impact Assessment
GDPR-DOC-08-1 Procedure for International Transfers of Personal Data
None EC Standard Contractual Clauses 4 June 2021
GDPR-DOC-09-1 Information Security Incident Response Procedure
GDPR-DOC-09-2 Personal Data Breach Notification Procedure
GDPR-DOC-09-3 Personal Data Breach Register
GDPR-DOC-09-4
GDPR-FORM-09-1
GDPR-FORM-09-2
None
None
GDPR-DOC-10-7 Network Security Policy
GDPR-DOC-10-8 Electronic Messaging Policy
GDPR-DOC-10-9 Cloud Computing Policy
GDPR-DOC-10-10 Acceptable Use Policy
GDPR-DOC-10-11 HR Security Policy
GDPR-DOC-10-12 Social Media Policy
GDPR-DOC-10-13 BYOD Policy
11 European Data Protection Board Guidelines None EDPB Guidelines on Data Portability 5 Apr 2017
None EDPB Guidelines on Data Protection Officers 5 Apr 2017
None EDPB Guidelines on Lead Supervisory Authority 5 Apr 2017
None EDPB Guidelines on DPIA 4 Oct 2017
None EDPB Guidelines on Breach Notification 6 Feb 2018
None EDPB Guidelines on Profiling 6 Feb 2018
None EDPB Guidelines on Transparency 11 Apr 2018
None EDPB Guidelines on Online Services 8 Oct 2019
None EDPB Guidelines on Territorial Scope 12 Nov 2019
None EDPB Guidelines on Consent 4 May 2020
None EDPB Guidelines on Contact Tracing for COVID-19 21 Apr 2020
None EDPB Guidelines on Contractual Lawful Basis 8 Oct 2019
None EDPB Guidelines on Data Protection by Design and by Default 20 Oct 2020
None EDPB Guidelines on Use of Video Devices 29 Jan 2020
None EDPB FAQs on the Schrems II Judgement 23 Jul 2020
None EDPB Guidelines on Concepts of Controller and Processor 7 Jul 2021
None EDPB Guidelines on Restrictions Under Article 23 13 Oct 2021
None EDPB Guidelines on Examples Regarding Personal Data Breach Notification 14 Dec 2021
None EDPB Guidelines on Interplay Between Article 3 and Chapter V 14 Feb 2023
None EDPB Guidelines on Certification as a Tool for Transfers 14 Feb 2023
None EDPB Guidelines on Personal Data Breach Notification 28 Mar 2023
None EDPB Guidelines on Data Subject Rights - Right of Access 28 Mar 2023
None EDPB Guidelines on Identifying a Lead Supervisory Authority 28 Mar 2023