Data Protection Toolkit - Templates

14 May 2018 Bob Harper    Last updated: 21 Jun 2018

We've created some templates and resources as a starting point for you to work with.

Document your processing activities

Under Article 30 it is a legal requirement that you keep records of your processing activities, and provide them to the regulator on request if necessary.

There are certain things that you need to capture and keep a written electronic record of.

This guidance and template will help you to get started. Read more.

Write a privacy notice

A privacy notice gives individuals important information about their data and how you use it.

Your approach to should provide clear and plain information. A privacy notice is a common way to do this.

This checklist and template makes sure you cover all the required information. Read more.

Carry out a Legitimate Interests Assessment

If you're relying on legitimate interests, perhaps as an alternative to seeking consent, it's important that you balance your legitimate interests against the interests, rights and freedoms of the data subject.

You also need to keep clear records to show that you have properly considered this balance.

This template comprises a series of questions that you can ask yourself to decide if you can use this lawful basis for your processing. Read more.

Handle a breach

If the world were perfect, you'd never have to do this. But it isn't, and you can never be 100% certain that human error or a cyber attack can't and won't happen.

It's best to be prepared so that you know what to do should you need to.

It'll also reassure you to know that there's a process in place so you can deal with it, rather than worry unnecessarily. Read more.



Every effort is made to ensure that the contents of this document are accurate, but the advice given should not be relied on as a definitive legal statement.'s picture
by Bob Harper

Data Development Coordinator

[email protected]