Blog GDPR Toolkit Version 4 – The Final Push

Controller and Processor

So, in a nutshell, what’s new? Well, we’ve added some documents which may help to communicate with your customers and suppliers about GDPR and confirm whether everybody is ready. These include a GDPR Readiness Statement, a GDPR Letter to Processors and a GDPR Readiness Checklist which together should save you time in responding to others, whilst helping to give some of your processors that nudge they need in the right direction.

We’ve also added a draft Data Processing Agreement which fits in with the policy we introduced in V3 and may help to get the right form of contractual words in place with your processors in a shorter time.

Ten New Policies

Many people are starting to realise that understanding your personal data is only half the battle and that the controls involved in protecting it are a whole subject in themselves. To help with this, we’ve added no less than ten information security-related policies to the Toolkit, including a Mobile Device Policy, an Access Control Policy, a Network Security Policy and a Cloud Computing Policy.

Better Awareness Training

In the area of Breach Management we’ve included a Breach Notification Letter to Data Subjects in case you’re unlucky enough to need that, and in GDPR Roles, Awareness and Training, there’s now a GDPR Awareness Training Presentation that may help to communicate all your good work on GDPR throughout the organisation.

Simpler Personal Data Analysis

We’ve tidied up the area of Personal Data Analysis and focussed on a single spreadsheet tool, the renamed Personal Data Analysis Form, with the other spreadsheets being gracefully retired due to customer confusion about how the tools related to each other. Hopefully this will make the process of understanding your personal data slicker and more meaningful.

More Privacy Policies and Notices

In the Privacy Policy and Notices folder, we’ve renamed the main policy to simply Data Protection Policy to better reflect its internal focus and introduced a template Website Privacy Policy to supplement the existing Privacy Notices in the Toolkit. We’re still big fans of Just in Time Privacy Notices, but we recognise that having a single coherent Privacy Policy on a website can also pay dividends. We’ve created some example Privacy Notices in the areas of Employment and Website Enquiry to show what these could look like.

The Privacy Notice Planning Form has been split into two, one for where the data is collected from the data subject, and the other for where it is obtained from another source.

Thanks Again

We continue to get great feedback about the GDPR Toolkit and thanks to everybody who gave us a positive review at reviews.co.uk.

Good luck with your GDPR work in the run up to 25 May and keep the enhancement suggestions coming.

Best Regards

The CertiKit Team