Register
Forgotten password?

Data protection law

1. Privacy policies

2
DOCUMENTS IN THIS FAMILY
A family of documents
Designed to help you to comply with UK and EU data protection law, these privacy policies are, in essence, shorter and simpler versions of our privacy and cookies policy templates. Although cookies are not referenced in the titles of these documents, cookies-related disclosures are included, albeit in summary form.

2. Privacy and cookies policies

4
DOCUMENTS IN THIS FAMILY
A family of documents
Almost every commercial website collects some personal data and few websites entirely eschew the use of cookies and similar technologies. In order to comply with data protection law and the law relating to cookies, website publishers need to disclose to users information about the personal data that they collect and the (not "strictly necessary") cookies that they use. These template privacy and cookies policies will help you do just that.

3. Cyber security incident response policy

FROM
£24
OR
20
CREDITS
This policy provides organisations with a pre-structured way of describing their policy in the event of a cyber security incident. Policy users may be a small group within an organisation, or this policy may be given to all personnel as guidance in the event of an incident. Unlike an employee, contractor or B2B cyber security policy this is not intended to be a legal ...

4. Personal data breach notification policy

FROM
£36
OR
30
CREDITS
This is a personal data breach notification policy, which sets out the procedures to be followed by a business in the event that personal data stored or processed by the business is subject to a breach. The policy has been created with SMEs in mind. The policy is designed to aid compliance with the General Data Protection Regulation or GDPR, and takes account of the ...

5. Data protection information notices

3
DOCUMENTS IN THIS FAMILY
A family of documents
The General Data Protection Regulation (GDPR) and national data protection laws require that controllers of personal data disclose information about their processing of that personal data to data subjects. These data protection information notices will help an organisation that collects personal data relating to its freelances, supplier personnel and customer personnel to comply with the applicable disclosure requirements. These documents are similar to our privacy policy template, but intended for use offline rather than online.

6. Data processing addenda

2
DOCUMENTS IN THIS FAMILY
A family of documents
These addenda should be used to complement an existing contract and bring it into line with the General Data Protection Regulation (GDPR). The GDPR is relatively prescriptive about the clauses that need to be included in contracts between controllers and processors and in contracts between between processors and sub-processors. The drafting of these documents follows the requirements of the GDPR closely.

7. Supply chain cyber security policies

2
DOCUMENTS IN THIS FAMILY
A family of documents
These cyber security policies should be used by a customer purchasing services and wanting to impose contractual obligations upon the supplier in relation to cyber security. The policies can be adapted to focus on specific risks or to apply general standards. These policies were created and are maintained by Emma Osborn of OCSRC.

8. Data processing agreements

2
DOCUMENTS IN THIS FAMILY
A family of documents
Data processing agreements between controllers of personal data and their processors have long been a requirement of EU data protection law, but with the coming of the General Data Protection Regulation (GDPR) they have become more prominent. GDPR-friendly data processing agreements also tend to be longer and more complex than pre-GDPR documents. These templates are designed to help you produce a compliant document with the minimum of fuss. They track the specific requirements of the GDPR very closely, and only supplement those requirements in a few important areas.

9. Data retention policy

FROM
£48
OR
40
CREDITS
This management-level data retention policy should be used to codify the policies and procedures of an organisation in relation to the archiving and deletion of data. The driving force behind the adoption of many retention policies is the General Data Protection Regulation (GDPR), but the suggested drafting in this document covers non-personal as well as personal data. To make effective use of this ...

10. Data sharing agreement (mutual)

FROM
£60
OR
50
CREDITS
This agreement will help you to regulate the sharing of personal data by two companies or other organisations, where each party will act as a controller with respect to the shared data. The document may be used whether the parties will exercise their authority as controllers independently or jointly. Unlike in the case of controller-to-processor transfers, there is no mandated set of clauses ...