Creation of a specific Policy/Procedure that is missing in your company. For example, CCTV Policy - if you have just set up monitoring, Staff Data Policy - if you have just hired an employee.
Is this service right for me?
I am introducing a new type of service in my company and I need to complete my UK GDPR documentation.
My annual UK GDPR audit shows that my documentation is not complete.
This service is suitable for:
A single UK GDPR document
Remember that the UK GDPR documentation once prepared will not necessarily be complete forever.
If there are any changes at your company related to the following: what personal data will you be handling (for example, starting to handle sensitive data through online training or CCTV), who will be process your personal data (for example, you used to handle all of your company’s data yourself, but now you have a staff member), how will you be handling your personal data (for example, prior to now all of your company’s work was conducted in the office, but now you are transitioning to remote work), you will need to create additional appropriate UK GDPR documentation.
As part of this service – we will create an additional document for you, and we will also make necessary corrections to the rest of your company’s documentation (if you have previously commissioned us to prepare it) or we will tell you in which parts of your documentation you should make such changes (if we were not the creators of your UK GDPR documentation).
Documentation – mandatory for all entities:
– PRIVACY NOTICE – a document describing how the company protects the personal data of customers/suppliers/external persons, for publication on the website/at the company’s headquarters,
– DATA RETENTION POLICY,
– DATA BREACH NOTIFICATION PROCEDURE,
– RECORD OF PROCESSING ACTIVITIES (ROPA),
– DATA BREACH RECORDS.
Depending on the company’s organisational structure, an example of supplementary paperwork would be:
1. RISK ANALYSIS (DATA PROTECTION IMPACT ASSESSMENT – DPIA) – you need to conduct a DPIA if what you do with personal data is likely to cause a high risk to the rights and freedoms of individuals, especially in the case of new technologies.
2. STAFF DATA PROTECTION POLICY, AUTHORISATION TO PROCESS PERSONAL DATA, RECORDS FOR AUTHORISATION
3. REGISTER OF REQUESTS OF PERSONAL DATA SUBJECTS (RECORDS OF DSAR)
4. AGREEMENT ON THE PROCESSING ON BEHALF OF A CONTROLLER
5. DATA SECURITY POLICY – may contain provisions regarding: SOCIAL MEDIA POLICY, PASSWORD POLICY, ELECTRONIC MESSAGING POLICY
6. COOKIES POLICY – if you have a website
7. BRING YOUR OWN DEVICE TO WORK POLICY (BOYD)
8. TEMPLATE OF CONSENT TO USE OF IMAGE (MEDIA CONSENT)
9. SENSITIVE DATA PROCESSING POLICY
10. CCTV POLICY
SINGLE PIECE OF DOCUMENTATION UK GDPR
Make an appointment for a free consultation
Go to the calendar, which will show you available dates.
Choose a day and time that suits you.
1 hour before the selected date of the online meeting - we will send you an email - a link to the meeting room.
See you soonFree online meeting