About the Low Cost GDPR Templates Kit

What is the Low Cost GDPR Templates Kit?

Our Low Cost GDPR Templates Kit is the fast and easy way to ensure that your organization is made complaint with the GDPR regulations that come into effect as of the 25th of May. The Kit includes complete instructions and all of the tools and document templates you will need.

Whom is the Low Cost GDPR Templates Kit for?

Our Low Cost GDPR Templates Kit has been made specifically for companies who need to achieve full GDPR compliance quickly and with no unnecessary expense, consultants who provide services relating to GDPR compliance, and compliance specialists within larger organizations who are responsible for GDPR issues.

Are the document templates industry specific?

No, they apply to organisations of all kind, in all industries. This includes both non- profit and for-profit companies of all sizes.

How much customization will I need in order to adapt the templates to my organization?

You will most likely need to spend at least some time adapting the included templates to your organisation and its processes. These adaptations might include details of governance, your IT systems and infrastructure, and the specific applications you use. Complete, detailed customisation instructions have been included in the Low Cost GDPR Templates Kit.

Do you sell individual documents form the toolkit?

No. The Low Cost GDPR Templates Kit is sold as a single unit, a complete tool kit for making nearly any organisation into compliance with the GDPR quickly and easily.

What format are the template documents in?

On purchase, you will receive a ZIP file. When unzipped, it contains documents conveniently formatted for MS Office. Most ore MS Word documents, but a few of the interactive tools are MS Excel documents. All of these documents can be customised and edited easily.

How will I receive the documents after purchase?

Once your order has been accepted, you can download the kit directly from our website. We will send you an email which includes the link as well, so you can download the kit later. The templates will be in a single ZIP file which unzips to provide all of the kit’s documents and tools.

What payment methods do you accept?

We accept American Express, Discover, MasterCard and Visa credit card payments, or payment via PayPal. In the interests of security, we have implemented PayPal Express Checkout procedures for both PayPal and credit card payments. After you click the ‘continue to payment’ option, you will be able to select your preferred payment method and fill in all necessary information in complete safety.

GDPR Highlights

What is GDPR?

The General Data Protection Regulation (GDPR), agreed upon by the European Parliament and Council in April 2016, will replace the Data Protection Directive 95/46/ec in Spring 2018 as the primary law regulating how companies protect EU citizens’ personal data. Companies that are already in compliance with the Directive must ensure that they’re compliant with the new requirements of the GDPR before it becomes effective on May 25, 2018. Companies that fail to achieve GDPR compliance before the deadline will be subject to stiff penalties and fines.

GDPR requirements apply to each member state of the European Union, aiming to create more consistent protection of consumer and personal data across EU nations. Some of the key privacy and data protection requirements of the GDPR include:

  • Requiring the consent of subjects for data processing
  • Anonymizing collected data to protect privacy
  • Providing data breach notifications
  • Safely handling the transfer of data across borders
  • Requiring certain companies to appoint a data protection officer to oversee GDPR compliance

Simply put, the GDPR mandates a baseline set of standards for companies that handle EU citizens’ data to better safeguard the processing and movement of citizens’ personal data.

Does the GDPR apply to my organisation?

The GDPR applies more broadly than might be apparent at first glance. Unlike privacy laws in some other jurisdictions, the GDPR is applicable to organisations of all sizes and all industries. Specifically, the GDPR applies to:

  • processing of anyone’s personal data, if the processing is done in the context of the activities of an organisation established in the EU (regardless of where the processing takes place);
  • processing of personal data of individuals who reside in the EU by an organisation established outside the EU, where that processing relates to the offering of goods or services to those individuals or to the monitoring of their behaviour.

The EU is often viewed as a role model on privacy issues internationally, so we also expect to see concepts in the GDPR adopted in other parts of the world over time.

What are the penalties for non-compliance?

Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements e.g.not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors — meaning ‘clouds’ will not be exempt from GDPR enforcement.

What is the deadline for compliance?

The GDPR was approved and adopted by the EU Parliament in April 2016. The regulation will take effect after a two-year transition period and, unlike a Directive it does not require any enabling legislation to be passed by the government, meaning it will be in force May 25, 2018.

What constitutes personal data?

Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

What is the difference between a processor and a controller?

A controller determines the purposes and means of processing personal data.

A processor is responsible for processing personal data on behalf of a controller.

If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach.

However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.