As May 25th draws ever closer we thought we thought you might appreciate a Toolkit update that addresses many of the requests we’ve had since V3. This release is intended to bolster key areas, such as Controller and Processor, Privacy Notices and Accountability/Security, whilst providing a bit more definition in others, such as Personal Data Analysis.
So, in a nutshell, what’s new? Well, we’ve added some documents which may help to communicate with your customers and suppliers about GDPR and confirm whether everybody is ready. These include a GDPR Readiness Statement, a GDPR Letter to Processors and a GDPR Readiness Checklist which together should save you time in responding to others, whilst helping to give some of your processors that nudge they need in the right direction.
We’ve also added a draft Data Processing Agreement which fits in with the policy we introduced in V3 and may help to get the right form of contractual words in place with your processors in a shorter time.
Many people are starting to realise that understanding your personal data is only half the battle and that the controls involved in protecting it are a whole subject in themselves. To help with this, we’ve added no less than ten information security-related policies to the Toolkit, including a Mobile Device Policy, an Access Control Policy, a Network Security Policy and a Cloud Computing Policy.
In the area of Breach Management we’ve included a Breach Notification Letter to Data Subjects in case you’re unlucky enough to need that, and in GDPR Roles, Awareness and Training, there’s now a GDPR Awareness Training Presentation that may help to communicate all your good work on GDPR throughout the organisation.
We’ve tidied up the area of Personal Data Analysis and focussed on a single spreadsheet tool, the renamed Personal Data Analysis Form, with the other spreadsheets being gracefully retired due to customer confusion about how the tools related to each other. Hopefully this will make the process of understanding your personal data slicker and more meaningful.
The Privacy Notice Planning Form has been split into two, one for where the data is collected from the data subject, and the other for where it is obtained from another source.
We continue to get great feedback about the GDPR Toolkit and thanks to everybody who gave us a positive review at reviews.co.uk.
Good luck with your GDPR work in the run up to 25 May and keep the enhancement suggestions coming.
The CertiKit Team