EU GDPR Toolkit Documents

Your complete toolkit for EU GDPR compliance

Aligned with the latest EU GDPR requirements, the CertiKit EU GDPR Toolkit offers a structured approach to implementing data protection controls and simplifying the process of achieving and maintaining compliance to the EU General Data Protection Regulation.

Developed by experienced data protection and privacy professionals, the toolkit includes fully customisable templates, detailed step-by-step guidance, and all essential policies, procedures, and documentation needed to meet the requirements of the Regulation.

The toolkit is suitable for organisations of all sizes and is delivered in Microsoft Office format for seamless integration with your existing policies and procedures.

Expert support is included to ensure you have all the GDPR knowledge and assistance needed to successfully implement and manage data protection within your organisation.

Below is the complete list of the EU GDPR documents included in the toolkit, structured according to the Regulation. Each section can be expanded by clicking on it, and you can also click on individual links below to view full samples of selected documents.

The full set of documents and support materials is available for immediate download upon purchase.

Learn more about this toolkit

EU GDPR Toolkit documents

The full list of EU GDPR Toolkit documents

Take a look at full samples of selected documents

0 CERTIKIT GDPR Toolkit Guidance

-	DOWNLOADABLE List of Documents in the Toolkit	2 pages	View sample
-	A Guide to Implementing the GDPR	32 pages	View sample
-	ATTENTION READ ME FIRST Toolkit Completion Instructions	13 pages
-	GDPR Toolkit Index	4 tabs
-	EU General Data Protection Regulation 2016	88 pages

1 GDPR Preparation Project

GDPR-DOC-01-1	GDPR Compliance Project Initiation Document	22 pages
GDPR-DOC-01-2	GDPR Preparation Project Plan (Microsoft Project format)	1 plan
GDPR-DOC-01-3	GDPR Preparation Project Plan (Microsoft Excel format)	5 tabs	View sample
GDPR-DOC-01-4	GDPR Documentation Log	2 tabs
GDPR-DOC-01-5	GDPR Briefing Presentation	19 slides
GDPR-DOC-01-6	Executive Support Letter	5 pages
GDPR-FORM-01-1	Compliance Evidence	2 tabs
GDPR-FORM-01-2	Meeting Minutes	6 pages
GDPR-FORM-01-3	GDPR Gap Assessment Tool	4 tabs	View sample

2 GDPR Roles, Awareness and Training

GDPR-DOC-02-1	GDPR Roles and Responsibilities	14 pages	View sample
GDPR-DOC-02-2	GDPR Competence Development Procedure	16 pages
GDPR-DOC-02-3	GDPR Communication Programme	13 pages
GDPR-DOC-02-4	Information Security Awareness Training	37 slides
GDPR-DOC-02-5	GDPR Awareness Training Presentation	20 slides
GDPR-FORM-02-1	GDPR Competence Development Questionnaire	3 tabs
-	EXAMPLE GDPR Competence Development Questionnaire	2 tabs
-	GDPR Awareness Poster (for data subjects)	1 poster
-	GDPR Awareness Poster (for employees)	1 poster

3 Personal Data Analysis

GDPR-DOC-03-1	Persona Data Analysis Procedure	10 pages
GDPR-DOC-03-2	Legitimate Interest Assessment Procedure	12 pages	View sample
GDPR-FORM-03-1	Records of Processing Activities	2 tabs
GDPR-FORM-03-2	Personal Data Analysis Form	3 tabs
GDPR-FORM-03-3	Personal Data Analysis Diagram - VISIO	2 tabs
GDPR-FORM-03-4	Personal Data - Initial Questionnaire	6 pages
GDPR-FORM-03-5	Legitimate Interest Assessment Form	11 pages
-	EXAMPLE Personal Data Analysis Diagram - VISIO	3 tabs	View sample
-	EXAMPLE Personal Data Analysis Form	2 tabs	View sample
-	EXAMPLE Legitimate Interest Assessment Form	7 pages
-	EXAMPLE Personal Data - Initial Questionnaire	3 pages

4 Privacy Policy and Notices

GDPR-DOC-04-1	Records Retention and Protection Policy	12 pages
GDPR-DOC-04-2	Data Protection Policy	15 pages	View sample
GDPR-DOC-04-3	Privacy Notice Procedure	12 pages
GDPR-DOC-04-4	Website Privacy Policy	12 pages
GDPR-DOC-04-5	CCTV Policy	11 pages
GDPR-DOC-04-6	Data Masking Policy	10 pages
GDPR-DOC-04-7	Data Masking Process	13 pages
GDPR-DOC-04-8	Information Deletion Policy	9 pages
GDPR-FORM-04-1	Privacy Notice Planning Form - Data Subjects	6 pages
GDPR-FORM-04-2	Consent Request Form	6 pages
GDPR-FORM-04-3	Privacy Notice Planning Form - Other Source	6 pages
-	EXAMPLE Consent Request Form	2 pages
-	EXAMPLE Privacy Notice - CCTV	2 pages
-	EXAMPLE Privacy Notice - Employment	4 pages
-	EXAMPLE Privacy Notice - Newsletter Signup	2 pages
-	EXAMPLE Privacy Notice - Online Purchase	2 pages
-	EXAMPLE Privacy Notice - Website Enquiry	2 pages
-	EXAMPLE Website Privacy Policy	8 pages
-	EXAMPLE Privacy Notice Planning Form - Data Subject	3 pages
-	EXAMPLE Privacy Notice Planning Form - Other Source	3 pages

5 Rights of the Data Subject

GDPR-DOC-05-1	Data Subject Request Procedure	18 pages	View sample
GDPR-DOC-05-2	Data Subject Request Register	2 tabs
GDPR-FORM-05-1	Data Subject Request Form	6 pages
GDPR-FORM-05-2	Data Subject Request Rejection	6 pages
GDPR-FORM-05-3	Data Subject Request Charge	6 pages
GDPR-FORM-05-4	Data Subject Request Time Extension	6 pages
-	EXAMPLE Data Subject Request Form	2 pages

6 Controllers and Processors

GDPR-DOC-06-1	GDPR Controller-Processor Agreement Policy	11 pages	View sample
GDPR-DOC-06-2	Processor GDPR Assessment Procedure	10 pages
GDPR-DOC-06-3	Processor Security Controls	13 pages
GDPR-DOC-06-4	GDPR Compliance Statement	6 pages
GDPR-DOC-06-5	GDPR Letter to Processors	6 pages	View sample
GDPR-FORM-06-1	GDPR Contract Review Tool	2 tabs
GDPR-FORM-06-2	Processor GDPR Assessment	6 pages
GDPR-FORM-06-3	Processor Employee Confidentiality Agreement	10 pages
GDPR-FORM-06-4	GDPR Compliance Checklist	7 pages
GDPR-FORM-06-5	Data Processing Agreement	12 pages
GDPR-FORM-06-6	Sub-Processor Agreement	12 pages
-	EXAMPLE Processor GDPR Assessment	3 pages
-	EDPB Approved SCCs - Danish SA Jan 2020	22 pages

7 Data Protection Impact Assessment

GDPR-DOC-07-1	Data Protection Impact Assessment Process	20 pages	View sample
GDPR-DOC-07-2	Data Protection Impact Assessment Report	16 pages
GDPR-FORM-07-1	Data Protection Impact Assessment Tool	6 tabs	View sample
GDPR-FORM-07-2	Data Protection Impact Assessment Questionnaire	7 pages
-	EXAMPLE Data Protection Impact Assessment	5 tabs

8 International Transfers

GDPR-DOC-08-1	Procedure for International Transfers of Personal Data	12 pages	View sample
-	EC Standard Contractual Clauses 4 June 2021	31 pages

9 Personal Data Breach Management

GDPR-DOC-09-1	Information Security Incident Response Procedure	26 pages
GDPR-DOC-09-2	Personal Data Breach Notification Procedure	14 pages	View sample
GDPR-DOC-09-3	Personal Data Breach Register	2 tabs
GDPR-DOC-09-4	Incident Response Plan Data Breach	11 pages
GDPR-FORM-09-1	Personal Data Breach Notification Form	8 pages
GDPR-FORM-09-2	Breach Notification Letter to Data Subjects	5 pages
-	EXAMPLE Breach Notification Letter to Data Subjects	2 pages
-	EXAMPLE Personal Data Breach Notification Form	2 pages

10 Information Security Policies

GDPR-DOC-10-1	Information Security Policy	12 pages
GDPR-DOC-10-2	Mobile Device Policy	13 pages
GDPR-DOC-10-3	Access Control Policy	15 pages	View sample
GDPR-DOC-10-4	Cryptographic Policy	12 pages
GDPR-DOC-10-5	Physical Security Policy	11 pages
GDPR-DOC-10-6	Anti-Malware Policy	14 pages
GDPR-DOC-10-7	Network Security Policy	15 pages	View sample
GDPR-DOC-10-8	Electronic Messaging Policy	12 pages
GDPR-DOC-10-9	Cloud Computing Policy	10 pages
GDPR-DOC-10-10	Acceptable Use Policy	10 pages
GDPR-DOC-10-11	HR Security Policy	10 pages
GDPR-DOC-10-12	Social Media Policy	10 pages
GDPR-DOC-10-13	BYOD Policy	11 pages

11 European Data Protection Board (EDPB) Guidelines

-	EDPB Guidelines on Data Portability 5 Apr 2017	20 pages
-	EDPB Guidelines on Data Protection Officers 5 Apr 2017	25 pages
-	EDPB Guidelines on Lead Supervisory Authority 5 Apr 2017	12 pages
-	EDPB Guidelines on DPIA 4 Oct 2017	22 pages
-	EDPB Guidelines on Profiling 6 Feb 2018	37 pages
-	EDPB Guidelines on Transparency 11 Apr 2018	40 pages
-	EDPB Guidelines on Online Services 8 Oct 2019	16 pages
-	EDPB Guidelines on Contractual Lawful Basis 8 Oct 2019	16 pages
-	EDPB Guidelines on Territorial Scope 12 Nov 2019	28 pages
-	EDPB Guidelines on Use of Video Devices 29 Jan 2020	33 pages
-	EDPB Guidelines on Contact Tracing for COVID-19 21 Apr 2020	19 pages
-	EDPB Guidelines on Consent 4 May 2020	33 pages
-	EDPB Guidelines on Data Protection by Design and by Default 20 Oct 2020	31 pages
-	EDPB Guidelines on Concepts of Controller and Processor 7 Jul 2021	51 pages
-	EDPB Guidelines on Restrictions Under Article 23 13 Oct 2021	20 pages
-	EDPB Guidelines on Examples Regarding Personal Data Breach Notification 14 Dec 2021	32 pages
-	EDPB Guidelines on Interplay Between Article 3 and Chapter V 14 Feb 2023	24 pages
-	EDPB Guidelines on Certification as a Tool for Transfers 14 Feb 2023	19 pages
-	EDPB Guidelines on Personal Data Breach Notification 28 Mar 2023	33 pages
-	EDPB Guidelines on Data Subject Rights - Right of Access 28 Mar 2023	63 pages
-	EDPB Guidelines on Identifying a Lead Supervisory Authority 28 Mar 2023	14 pages

easy to use

Developed in Microsoft Office

The documents are created in Microsoft Office format and are ready to be tailored to your organisation’s specific needs. As well as standard format and contents, the template documents include example text that is clearly highlighted to illustrate the type of information that needs to be given regarding your organisation. Full example documents are also included to help you with your implementation.