Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice


When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu

GDPR Toolkit: We're going live with version five

The GDPR was big news last year, with organisations across the EU battling to get their systems in order before the deadline of May 25.

The General Data Protection Regulation is the biggest change to data protection laws in more than two decades, affecting everyone living in the EU. It aims to give people more control over how their personal data is handled.

CertiKit’s GDPR Toolkit has proved to be our best-seller, with sales to 79 countries and principalities, including all 28 in the EU (29 including Gibraltar) and 50 outside.

From international powerhouses such as the US and Germany to tiny island states such as the Caymans and Curaçao, our GDPR Toolkit is proving popular.

Now we have launched our fifth version, which includes some important updates, such as new documents, slides and posters.

This is the first update since the GDPR came law, and some of the updates have been made in response to customer feedback.

Here are the updates in V5:

CCTV Policy

The addition of a CCTV policy was the result of customer feedback. The policy sets out what organisations can and can’t do with closed circuit TV systems.

In collecting and using video (and possibly audio) data, organisations are subject to a variety of legislation, including the GDPR, which control how such activities may be carried out and the safeguards that must be put in place to protect the recorded information.

The policy sets out the rules which must be followed when installing and dealing with CCTV so that responsibilities are met and the usefulness of the recorded data is maximised.

Sub-Processor Agreement

This form is a starting point for an agreement between a processor and a sub-processor to cover the requirements of the GDPR.

It covers the obligations and rights of the processor, and the obligations of the sub-processor as well as covering duration and applicable law.

Example: Data Protection Impact Assessment

This completed form gives the example of the impact on employees of a human resources system which is to be replaced.

The new system will record additional information about employees, including biometric data such as fingerprints. It will also cover areas such as sickness, which the previous system did not cover, and so will hold health-related data.

The form records all this information, along with dates and the details of those responsible for the assessment.

Posters: For Front-of-House and Behind-the-Scenes


Next, we have included two posters. The first (green) poster is aimed at your data subjects and the second (blue) at your employees. So if we take the example of a dentist’s surgery, you might want to pin the first poster in the waiting area and the second in the staff room.

Both posters include editable form fields in which to add your own short message – possibly one with an email address or telephone number.

Information Security Awareness Training

Finally, two slides have been added to this Powerpoint presentation. These address the relevant laws outside the EU and the UK.

The first looks at the law in the USA, referring to ten pieces of legislation such as the Homeland Security Act, the Patriot Act and the Gramm-Leach-Bliley Act.

The second lists the relevant laws in India, Malaysia, Thailand, Singapore, Canada, Australia, New Zealand and South Africa.

Thank You!

We always strive to listen to the feedback from our customers, and to take their suggestions on board when making updates to any of our toolkits. If you have any suggestions to make, please get in touch. You can also leave a review here.

To buy the updated CertiKit GDPR ToolKit, click here.

We’ve helped more than 4000 businesses with their compliance


The toolkits are very clear and easy to use and probably the best examples out there for these standards. Easy to adapt or add details to, to reflect your own processes and procedures.

Aberdein Considine

View all Testimonials