UK Data Protection Toolkit Version 1 AREA
DOC REF
DOCUMENT
0 CERTIKIT UKDP Toolkit Guidance
None None None None None None
CERTIKIT - Toolkit Completion Instructions CERTIKIT - UK Data Protection Implementation Guide CERTIKIT - UK Data Protection Toolkit Index CERTIKIT - Standard Licence Terms CERTIKIT - Revised DPA 2018 Parts 1 and 2 (Chapters 1 and 2) CERTIKIT - UK General Data Protection Regulation
1 Preparation Project
UKDP-DOC-01-1 UKDP-DOC-01-2 UKDP-DOC-01-3 UKDP-DOC-01-4 UKDP-DOC-01-5 UKDP-DOC-01-6 UKDP-FORM-01-1 UKDP-FORM-01-2 UKDP-FORM-01-3
Compliance Project Initiation Document Preparation Project Plan (Microsoft Project) Preparation Project Plan (Microsoft Excel) Documentation Log UK Data Protection Briefing Presentation Executive Support Letter Compliance Evidence Meeting Minutes Gap Assessment Tool
2 Roles Awareness and Training
UKDP-DOC-02-1 UKDP-DOC-02-2 UKDP-DOC-02-3 UKDP-DOC-02-4 UKDP-DOC-02-5 UKDP-FORM-02-1 None None None
Roles and Responsibilities Competence Development Procedure Communication Programme Information Security Awareness Training UK Data Protection Awareness Training Presentation Competence Development Questionnaire EXAMPLE Competence Development Questionnaire UK Data Protection Awareness Poster (for data subjects) UK Data Protection Awareness Poster (for employees)
3 Personal Data Analysis
UKDP-DOC-03-1 UKDP-DOC-03-2 UKDP-FORM-03-1 UKDP-FORM-03-2 UKDP-FORM-03-3 UKDP-FORM-03-4 UKDP-FORM-03-5 None None None None
Personal Data Analysis Procedure Legitimate Interest Assessment Procedure Records of Processing Activities Personal Data Analysis Form Personal Data Analysis Diagram Personal Data - Initial Questionnaire Legitimate Interest Assessment Form EXAMPLE Legitimate Interest Assessment Form EXAMPLE Personal Data - Initial Questionnaire EXAMPLE Personal Data Analysis Diagram - VISIO EXAMPLE Personal Data Analysis Form
4 Privacy Policy and Notices
UKDP-DOC-04-1 UKDP-DOC-04-2 UKDP-DOC-04-3 UKDP-DOC-04-4 UKDP-DOC-04-5 UKDP-FORM-04-1 UKDP-FORM-04-2 UKDP-FORM-04-3 None None None None None None None None None
Records Retention and Protection Policy Data Protection Policy Privacy Notice Procedure Website Privacy Policy CCTV Policy Privacy Notice Planning Form - Data Subject Consent Request Form Privacy Notice Planning Form - Other Source EXAMPLE Consent Request Form EXAMPLE Privacy Notice - CCTV EXAMPLE Privacy Notice - Employment EXAMPLE Privacy Notice - Newsletter Signup EXAMPLE Privacy Notice - Online Purchase EXAMPLE Privacy Notice - Website Enquiry EXAMPLE Privacy Notice Planning Form - Data Subject EXAMPLE Privacy Notice Planning Form - Other Source EXAMPLE Website Privacy Policy
5 Rights of the Data Subject
UKDP-DOC-05-1 UKDP-DOC-05-2 UKDP-FORM-05-1 UKDP-FORM-05-2 UKDP-FORM-05-3 UKDP-FORM-05-4 None
Data Subject Request Procedure Data Subject Request Register Data Subject Request Form Data Subject Request Rejection Data Subject Request Charge Data Subject Request Time Extension EXAMPLE Data Subject Request Form
6 Controllers and Processors
UKDP-DOC-06-1 UKDP-DOC-06-2 UKDP-DOC-06-3 UKDP-DOC-06-4 UKDP-DOC-06-5 UKDP-FORM-06-1 UKDP-FORM-06-2 UKDP-FORM-06-3 UKDP-FORM-06-4
Controller/Processor Agreement Policy Processor Assessment Procedure Processor Security Controls Data Protection Readiness Statement Letter to Processors Contract Review Tool Processor Assessment Processor Employee Confidentiality Agreement Data Protection Readiness Checklist
Page 1 of 2
UKDP-FORM-06-5 UKDP-FORM-06-6 None
Data Processing Agreement Sub-Processor Agreement EXAMPLE Processor Assessment
7 Data Protection Impact Assessment
UKDP-DOC-07-1 UKDP-DOC-07-2 UKDP-FORM-07-1 UKDP-FORM-07-2 None
Data Protection Impact Assessment Process Data Protection Impact Assessment Report Data Protection Impact Assessment Tool Data Protection Impact Assessment Questionnaire EXAMPLE Data Protection Impact Assessment
8 International Transfers
UKDP-DOC-08-1
Procedure for International Transfers of Personal Data
9 Personal Data Breach Management
UKDP-DOC-09-1 UKDP-DOC-09-2 UKDP-DOC-09-3 UKDP-DOC-09-4 UKDP-FORM-09-1 UKDP-FORM-09-2 None None
Information Security Incident Response Procedure Personal Data Breach Notification Procedure Personal Data Breach Register Incident Response Plan Data Breach Personal Data Breach Notification Form Breach Notification Letter to Data Subjects EXAMPLE Breach Notification Letter to Data Subjects EXAMPLE Personal Data Breach Notification Form
10 Information Security Policies
UKDP-DOC-10-1 UKDP-DOC-10-2 UKDP-DOC-10-3 UKDP-DOC-10-4 UKDP-DOC-10-5 UKDP-DOC-10-6 UKDP-DOC-10-7 UKDP-DOC-10-8 UKDP-DOC-10-9 UKDP-DOC-10-10 UKDP-DOC-10-11 UKDP-DOC-10-12
Information Security Policy Mobile Device Policy Access Control Policy Cryptographic Policy Physical Security Policy Anti-Malware Policy Network Security Policy Electronic Messaging Policy Cloud Computing Policy Acceptable Use Policy HR Security Policy Social Media Policy
11 Further Resources
None None None None None None None
EU General Data Protection Regulation 2016 Explanatory Memorandum to DP, PEC Regulations 2019 Keeling Schedule for Data Protection Act 2018 Keeling Schedule for GDPR NOTE ABOUT UK LEGISLATION DOCUMENTS The DP, PEC (Amendments etc) (EU Exit) Regulations 2019 UK Data Protection Act 2018
Page 2 of 2