Documents for Business

In excess of 1,000 customisable documents covering every conceivable business issue.
Search all documents in Documents for Business
 
 

GDPR legitimate interests assessment

GDPR legitimate interests assessmentIf you intend to rely on legitimate interests as your lawful basis for processing certain personal data, you should first conduct a GDPR legitimate interests assessment.Lawful basis for processingTo process persona... Read more
 
 

GDPR data protection impact assessment

GDPR data protection impact assessmentA data protection impact assessment is required where a new type of processing is likely to result in a high risk to the rights and freedoms of data subjects. Use our document as your starting point.What's a DPIA?... Read more
 
 

GDPR consent to use of employee's image

GDPR consent to use of employee's imageNormally, you can't rely on an employee's consent as the lawful basis for processing their personal data. However, using their image in marketing materials can be an exception if they have a genuine choice about wh... Read more
 
 

GDPR data processor clauses

GDPR data processor clausesIf you use any third-party processors to handle employees' personal data, you must by law include a number of key written terms governing data protection in the commercial contracts you enter into with them.Processor obligat... Read more
 
 

GDPR personal data breaches register

GDPR personal data breaches registerThe General Data Protection Regulations (GDPR) requires you to document all personal data breaches, whether they're notifiable to the Information Commissioner's Office (ICO) or not. Use our register to do this.Mandat... Read more
 
 

GDPR letter notifying personal data breach

GDPR letter notifying personal data breachAs well as notifying the Information Commissioner's Office (ICO), certain personal data breaches must also be notified to affected data subjects. Your notification to them must, as a minimum, describe the natu... Read more
 
 

GDPR register of data subject access requests

GDPR register of data subject access requestsThe GDPR requires you to demonstrate that you're complying with the data protection principles. Maintaining a GDPR register of data subject access requests can help you show that you're observing subject acc... Read more
 
 

Letter to ex-employee threatening to contact ICO

Letter to ex-employee threatening to contact ICOUse our letter where you believe a former employee has taken personal data with them on leaving employment, such as client records, without your permission. Unlawfully obtaining personal data is a crimi... Read more
 
 

GDPR data breach policy and response plan

GDPR data breach policy and response planUse our document to ensure the prompt and effective detection, investigation, reporting and resolution of personal data breaches.Personal data breachUnder the General Data Protection Regulation (GDPR), certain... Read more
 
 

GDPR data subject access response letter

GDPR data subject access response letterUse our GDPR data subject access response letter to set out your reply to a data subject access request that's been made under the GDPR.Response requirementsThe General Data Protection Regulation (GDPR) enables ... Read more
Download each file separately