Data protection compliance will look different for different organisations and it does not lend itself well to a tick box approach. Templates should be used as part of a wider governance programme and will need to be adapted for your own organisation’s needs.

Wondering where to start?

Everyone has to start somewhere. If you are new to this area or think it would be useful for your organisation to get back to basics, work through our step-by-step guide to your obligations to get you on the right track. This is not designed to be a comprehensive list, but simply a starting point. 

Controller Templates

If you are a controller and need some help navigating your legal duties, taking the time to go through these controller templates will help to support your data protection compliance programme. It will also support the duties you have under the law to maintain records of your processing activities. 

Processors Templates

If you are a processor and need some help navigating your legal duties, taking the time to go through these processor templates will help to support your data protection compliance programme. It will also support the duties you have under the law to work with any controller you are contracted with.

DPIA Templates

Data Protection Impact Assessments (DPIAs) are a really important compliance tool when you are embarking on new processing or making changes to existing processes. In some cases it will a legal requirement. Find out more here. 

Data Audits

We have produced some basic templates to help you document your processing activities. There is a Data Audit (often referred to as a Data Inventory) template for controllers to complete and a different template for processors.

Please also read our general guidance on how to carry out a data audit