GDPR

We have a wide range of documents, checklists, forms, and correspondence both for Employees and commercial use in this section.

In terms of HR, as an Employer it is important to ensure compliance to the GDPR regulations by: Having a clear retention policy for handling personal data and it is not handled longer than necessary. Have a legal reason for acquiring and/or using personal data, ensure Employees are aware of the retention policy and are following it, respond to personal data requests within one month.

If there is a personal data breach that is likely to result in a risk to the rights and freedom of an individual, inform the ICO within 72 hours and if it is deemed to be high, inform the individual concerned.

This toolkit contains relevant documents in relation to complying with GDPR regulations both HR and Commercial. 

Please be aware that all documents or templates purchased are strictly non-refundable, the documents are sold for your own usage and not for commercial resale. 

GDPR Tool Kits

ImageNameSummaryPriceBuyhf:categories
GDPR - Acknowledgement of Subject Access Request Letter

*The Information Commissioner’s Office (ICO) regularly provides updates to their guidance around the data protection rules.

We will update our documents, accordingly, so please ensure that you are using the most up-to-date version of our documents.

You will find more relevant documents included on our online toolkit for your use.

£55.00
gdpr gdpr-letters-and-forms
GDPR - Data Privacy Notice for Job Applicants

This DATA PRIVACY NOTICE MUST be provided to all job applicants in line with GDPR

[Notes to employer:  *Throughout this document you must either insert or delete information where you see square brackets [].

***This document must be read in conjunction with the Guidance notes on completing the Data Privacy Notice for job applicants.] We will update our documents, accordingly, so please ensure that you are using the most up-to-date version of our documents.

You will find more relevant documents included on our online toolkit for your use.

£95.00
gdpr gdpr-letters-and-forms onboarding onboarding-checklist onboarding-letters-and-forms recruitment recruitment-checklists recruitment-letters-and-forms
GDPR - Data Protection Appointment Letter

*The Information Commissioner’s Office (ICO) regularly provides updates to their guidance around the data protection rules.

We will update our documents, accordingly, so please ensure that you are using the most up-to-date version of our documents.

£65.00
gdpr gdpr-letters-and-forms
GDPR - Data Protection Impact Assessment Form

Once you have decided that you require a data protection impact assessment (also known as a Privacy Impact Assessment), you should use the following template to obtain and organise your findings and results.

Each step/section is necessary unless otherwise indicated.

A Data Impact Assessment must be completed upon the appointment of a Data Protection Officer (DPO) to their role.

£60.00
gdpr gdpr-letters-and-forms
GDPR - Data Subject Access Response Letter

You will find more relevant documents included on our online toolkit for your use.

£55.00
gdpr gdpr-letters-and-forms
GDPR - Employee Data Privacy Consent Form

THIS DATA PRIVACY NOTICE MUST BE ISSUED TO ALL EMPLOYEES, WORKERS OR CONTRACTORS AND KEPT REGULARLY UP TO DATE. This document must be read in conjunction with the guidance notes on completing the Data Privacy Notice for Employees or workers.

*The Information Commissioner’s Office (ICO) regularly provides updates to their guidance around the data protection rules.

We will update our documents, accordingly, so please ensure that you are using the most up-to-date version of our documents.

You will find more relevant documents included on our online toolkit for your use.

£70.00
gdpr gdpr-letters-and-forms
GDPR - Notification to Third Parties of Consent Withdrawal

*The Information Commissioner’s Office (ICO) regularly provides updates to their guidance around the data protection rules.

We will update our documents, accordingly, so please ensure that you are using the most up-to-date version of our documents.

You will find more relevant documents included on our online toolkit for your use.

£65.00
gdpr gdpr-letters-and-forms
GDPR - Personal Data Request Form DSAR

This form is to be used for Data Subjects to request their data; Employers can make this form available to Employees – it can eliminate the need for DSAR requests.

We will update our documents, accordingly, so please ensure that you are using the most up-to-date version of our documents.  **Throughout this document you must either insert or delete information where you see square brackets [].

You will find more relevant documents included on our online toolkit for your use.

£55.00
commercial commercial-checklists commercial-letters-and-forms gdpr gdpr-checklists gdpr-letters-and-forms
GDPR - Personal Data Subject Access Request for More Information

An Employer can refuse to comply with a subject access request (in which case it must advise the Employee, within one month of the request, about their right to complain to the ICO or to the court), or it can charge a reasonable fee reflecting the administrative costs of providing the information, if a request is manifestly unfounded or excessive, for example because it is repetitive.

The third paragraph of this letter gives the Employer the option of charging a fee to comply with the subject access request in this circumstance.

The time limit for responding to a subject access request is one month from the date of receipt. However, if a request is complex, the Employer can extend the time period for response by a further two months.

You will find more relevant documents included on our online toolkit for your use.

£55.00
gdpr gdpr-letters-and-forms
GDPR - Reference Consent Form

GDPR – Reference Consent Form

This form should be accompanied by a completed copy of your Privacy Notice to Job Applicants

£65.00
gdpr gdpr-letters-and-forms recruitment recruitment-letters-and-forms
GDPR - Subject Access Register

*The Information Commissioner’s Office (ICO) regularly provides updates to their guidance around the data protection rules.

We will update our documents, accordingly, so please ensure that you are using the most up-to-date version of our documents.

You will find more relevant documents included on our online toolkit for your use.

**Throughout this document you must either insert or delete information where you see square brackets [].

£45.00
gdpr gdpr-letters-and-forms
GDPR - Written Verification of Identity

*The Information Commissioner’s Office (ICO) regularly provides updates to their guidance around the data protection rules.

We will update our documents, accordingly, so please ensure that you are using the most up-to-date version of our documents.

You will find more relevant documents included on our online toolkit for your use.

£55.00
gdpr gdpr-letters-and-forms
GDPR -Breach Notification to the ICO

*The Information Commissioner’s Office (ICO) regularly provides updates to their guidance around the data protection rules.  Any reportable breach must be reported to the ICO within 72 hours.

We will update our documents, accordingly, so please ensure that you are using the most up-to-date version of our documents.

£65.00
gdpr gdpr-letters-and-forms
GDPR Consent form for Clients

This can be used to gain consent from your clients in line with GDPR

*The Information Commissioner’s Office (ICO) regularly provides updates to their guidance around the data protection rules.

You will find more relevant documents included in our online toolkit for your use.

£70.00
commercial commercial-letters-and-forms gdpr gdpr-letters-and-forms
GDPR Staff Training Record

GDPR Staff Training Record

It is relevant for Employers to track employees’ training, Employees must have GDPR training use the training record to track their training.

You will find more relevant documents included in our online toolkit for your use.  

£10.00
development-and-training development-and-training-checklists gdpr gdpr-checklists
GDPR Sub-Processor Agreement

GDPR Sub-Processor Agreement

Article 28 (1) of the GDPR provides that, where processing is to be carried out on behalf of a Controller, the Controller shall use only Processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of the rights of the data subject;
Articles 28 (2) of the GDPR provides that, the Processor must not engage another processor without prior specific or general written authorisation of the Controller. In the case of general written authorisation, the Processor must inform the Controller of any intended changes concerning the addition or replacement of other Processors, thereby giving the Controller the opportunity to object to such changes.
The purpose of this template document is to provide an example of the typical matters to address in a Processor to Sub-Processor Agreement. This will largely reflect the terms agreed between the Data Controller and the Processor.

£160.00
commercial commercial-letters-and-forms gdpr gdpr-letters-and-forms terms-and-conditions
Letter Informing of Time Extension to Comply with Subject Access Request

Letter Informing of Time Extension to Comply with Subject Access Request

The time limit for a Data Subject Access Request response is 30 days, should the request be complex or contain numerous requests for data you can request an extension, in this instance you must inform the Data subject of the extension.

£55.00
gdpr gdpr-letters-and-forms
Record of Processing Activities - The Controller

Record of Processing Activities – The Controller

This document is used to record the purpose for collecting data, the activities, description, categories, who is involved and the description of the technical/ organisational security measures.

The document contains a guide at the end to provide assistance for completion.  This document is in line with the GDPR

£55.00
gdpr gdpr-checklists gdpr-letters-and-forms
Replying to a Subject Access Request Providing the Requested Information

GDPR – Replying to a Subject Access Request Providing the Requested Information

This document can be used to respond to the data subject where they have submitted a DSAR request, you should use the format below which outlines all areas that are required.

£65.00
gdpr gdpr-letters-and-forms
Statutory Retention Periods

We have provided you with a comprehensive guide, the table summarises each area, the main legislation regulating statutory retention periods and the period for retention. we have also included areas that do not have specific statutory legislation that regulates them.

If an employer is in doubt, it is a good idea to keep records for at least 6 years (5 in Scotland), to cover the time limit for bringing any civil legal action.

This guide covers, all areas of HR including recruitment, through to leavers, H&S which includes medical and also Accounting records.

£10.00
employee-handbooks-policies employee-handbooks-and-policies-checklists employee-handbooks-and-policies-factsheets gdpr gdpr-fact-sheets pay-and-salary pay-and-salary-fact-sheets
Verbal Verification of the Identity of a Data Subject

Verbal Verification of the Identity of a Data Subject

This document can be used to confirm the identity of a data subject where they have submitted a DSAR request, you should use the format below to confirm the identity.

 

£55.00
gdpr gdpr-checklists gdpr-letters-and-forms

Outsourced HR Consultancy | Employment Law | HR Support