Site navigation.

• Digital Regulations Database
  • EU GDPR Digital Regulation
    • View Regulation – EU GDPR
      • Chapter 01: General provisions
        • Article 01: Subject-matter and objectives
          • Article 01.01
          • Article 01.02
          • Article 01.03
        • Article 02: Material scope
        • Article 03: Territorial scope
        • Article 04: Definitions
      • Chapter 02: Principles
        • Article 05: Principles relating to processing of personal data
          • Article 05.01
            • Article 05.01.a
            • Article 05.01.b
            • Article 05.01.c
            • Article 05.01.d
            • Article 05.01.e
            • Article 05.01.f
          • Article 05.02
        • Article 06: Lawfulness of processing
          • Article 06.01
          • Article 06.02
          • Article 06.03
          • Article 06.04
        • Article 07: Conditions for consent
          • Article 07.01
          • Article 07.02
          • Article 07.03
          • Article 07.04
        • Article 08: Conditions applicable to child’s consent in relation to information society services
          • Article 08.01
          • Article 08.02
          • Article 08.03
        • Article 09: Processing of special categories of personal data
          • Article 09.01
          • Article 09.02
          • Article 09.03
          • Article 09.04
        • Article 10: Processing of personal data relating to criminal convictions and offences
        • Article 11: Processing which does not require identification
          • Article 11.01
          • Article 11.02
      • Chapter 03: Rights of the data subject
        • Chapter 03 – Section 01 – Transparency and modalities
          • Article 12: Transparent information, communication and modalities for the exercise of the rights of the data subject
            • Article 12.01
            • Article 12.02
            • Article 12.03
            • Article 12.04
            • Article 12.05
            • Article 12.06
            • Article 12.07
            • Article 12.08
        • Chapter 03 – Section 02 – Information and access to personal data
          • Article 13: Information to be provided where personal data are collected from the data subject
            • Article 13.01
            • Article 13.02
            • Article 13.03
            • Article 13.04
          • Article 14: Information to be provided where personal data have not been obtained from the data subject
            • Article 14.01
            • Article 14.02
            • Article 14.03
            • Article 14.04
            • Article 14.05
          • Article 15: Right of access by the data subject
            • Article 15.01
            • Article 15.02
            • Article 15.03
            • Article 15.04
        • Chapter 03 – Section 03 – Rectification and erasure
          • Article 16: Right to rectification
          • Article 17: Right to erasure (‘right to be forgotten’)
            • Article 17.01
            • Article 17.02
            • Article 17.03
          • Article 18: Right to restriction of processing
            • Article 18.01
            • Article 18.02
            • Article 18.03
          • Article 19: Notification obligation regarding rectification or erasure of personal data or restriction of processing
          • Article 20: Right to data portability
            • Article 20.01
            • Article 20.02
            • Article 20.03
            • Article 20.04
        • Chapter 03 – Section 04 – Right to object and automated individual decision-making
          • Article 21: Right to object
            • Article 21.01
            • Article 21.02
            • Article 21.03
            • Article 21.04
            • Article 21.05
            • Article 21.06
          • Article 22: Automated individual decision-making, including profiling
            • Article 22.01
            • Article 22.02
            • Article 22.03
            • Article 22.04
        • Chapter 03 – Section 05 – Restrictions
          • Article 23: Restrictions
            • Article 23.01
            • Article 23.02
      • Chapter 04: Controller and processor
        • Chapter 04 – Section 01 – General obligations
          • Article 24: Responsibility of the controller
            • Article 24.01
            • Article 24.02
            • Article 24.03
          • Article 25: Data protection by design and by default
            • Article 25.01
            • Article 25.02
            • Article 25.03
          • Article 26: Joint controllers
            • Article 26.01
            • Article 26.02
            • Article 26.03
          • Article 27: Representatives of controllers or processors not established in the Union
            • Article 27.01
            • Article 27.02
            • Article 27.03
            • Article 27.04
            • Article 27.05
          • Article 28: Processor
            • Article 28.01
            • Article 28.02
            • Article 28.03
            • Article 28.04
            • Article 28.05
            • Article 28.06
            • Article 28.07
            • Article 28.08
            • Article 28.09
            • Article 28.10
          • Article 29: Processing under the authority of the controller or processor
          • Article 30: Records of processing activities
            • Article 30.01
            • Article 30.02
            • Article 30.03
            • Article 30.04
            • Article 30.05
          • Article 31: Cooperation with the supervisory authority
        • Chapter 04 – Section 02 – Security of personal data
          • Article 32: Security of processing
            • Article 32.01
            • Article 32.02
            • Article 32.03
            • Article 32.04
          • Article 33: Notification of a personal data breach to the supervisory authority
            • Article 33.01
            • Article 33.02
            • Article 33.03
            • Article 33.04
            • Article 33.05
          • Article 34: Communication of a personal data breach to the data subject
            • Article 34.01
            • Article 34.02
            • Article 34.03
            • Article 34.04
        • Chapter 04 – Section 03 – Data protection impact assessment and prior consultation
          • Article 35: Data protection impact assessment
            • Article 35.01
            • Article 35.02
            • Article 35.03
            • Article 35.04
            • Article 35.05
            • Article 35.06
            • Article 35.07
            • Article 35.08
            • Article 35.09
            • Article 35.10
            • Article 35.11
          • Article 36: Prior consultation
            • Article 36.01
            • Article 36.02
            • Article 36.03
            • Article 36.04
            • Article 36.05
        • Chapter 04 – Section 04 – Data protection officer
          • Article 37: Designation of the data protection officer
            • Article 37.01
            • Article 37.02
            • Article 37.03
            • Article 37.04
            • Article 37.05
            • Article 37.06
            • Article 37.07
          • Article 38: Position of the data protection officer
            • Article 38.01
            • Article 38.02
            • Article 38.03
            • Article 38.04
            • Article 38.05
            • Article 38.06
          • Article 39: Tasks of the data protection officer
            • Article 39.01
            • Article 39.02
        • Chapter 04 – Section 05 – Codes of conduct and certification
          • Article 40: Codes of conduct
            • Article 40.01
            • Article 40.02
            • Article 40.03
            • Article 40.04
            • Article 40.05
            • Article 40.06
            • Article 40.07
            • Article 40.08
            • Article 40.09
            • Article 40.10
            • Article 40.11
          • Article 41: Monitoring of approved codes of conduct
            • Article 41.01
            • Article 41.02
            • Article 41.03
            • Article 41.04
            • Article 41.05
            • Article 41.06
          • Article 42: Certification
            • Article 42.01
            • Article 42.02
            • Article 42.03
            • Article 42.04
            • Article 42.05
            • Article 42.06
            • Article 42.07
            • Article 42.08
          • Article 43: Certification bodies
            • Article 43.01
            • Article 43.02
            • Article 43.03
            • Article 43.04
            • Article 43.05
            • Article 43.06
            • Article 43.07
            • Article 43.08
            • Article 43.09
      • Chapter 05: Transfers of personal data to third countries or international organisations
        • Article 44: General principle for transfers
        • Article 45: Transfers on the basis of an adequacy decision
          • Article 45.01
          • Article 45.02
          • Article 45.03
          • Article 45.04
          • Article 45.05
          • Article 45.06
          • Article 45.07
          • Article 45.08
          • Article 45.09
        • Article 46: Transfers subject to appropriate safeguards
          • Article 46.01
          • Article 46.02
          • Article 46.03
          • Article 46.04
          • Article 46.05
        • Article 47: Binding corporate rules
          • Article 47.01
          • Article 47.02
          • Article 47.03
        • Article 48: Transfers or disclosures not authorised by Union law
        • Article 49: Derogations for specific situations
          • Article 49.01
          • Article 49.02
          • Article 49.03
          • Article 49.04
          • Article 49.05
          • Article 49.06
        • Article 50: International cooperation for the protection of personal data
          • Article 50.01
      • Chapter 06: Independent supervisory authorities
        • Chapter 06 – Section 01 – Independent status
          • Article 51: Supervisory authority
            • Article 51.01
            • Article 51.02
            • Article 51.03
            • Article 51.04
          • Article 52: Independence
            • Article 52.01
            • Article 52.02
            • Article 52.03
            • Article 52.04
            • Article 52.05
            • Article 52.06
          • Article 53: General conditions for the members of the supervisory authority
            • Article 53.01
            • Article 53.02
            • Article 53.03
            • Article 53.04
          • Article 54: Rules on the establishment of the supervisory authority
            • Article 54.01
            • Article 54.02
        • Chapter 06 – Section 02 – Competence, tasks and powers
          • Article 55: Competence
            • Article 55.01
            • Article 55.02
            • Article 55.03
          • Article 56: Competence of the lead supervisory authority
            • Article 56.01
            • Article 56.02
            • Article 56.03
            • Article 56.04
            • Article 56.05
            • Article 56.06
          • Article 57: Tasks
            • Article 57.01
            • Article 57.02
            • Article 57.03
            • Article 57.04
          • Article 58: Powers
            • Article 58.01
            • Article 58.02
            • Article 58.03
            • Article 58.04
            • Article 58.05
            • Article 58.06
          • Article 59: Activity reports
      • Chapter 07: Cooperation and consistency
        • Chapter 07 – Section 01 – Cooperation
          • Article 60: Cooperation between the lead supervisory authority and the other supervisory authorities concerned
            • Article 60.01
            • Article 60.02
            • Article 60.03
            • Article 60.04
            • Article 60.05
            • Article 60.06
            • Article 60.07
            • Article 60.08
            • Article 60.09
            • Article 60.10
            • Article 60.11
            • Article 60.12
          • Article 61: Mutual assistance
            • Article 61.01
            • Article 61.02
            • Article 61.03
            • Article 61.04
            • Article 61.05
            • Article 61.06
            • Article 61.07
            • Article 61.08
            • Article 61.09
          • Article 62: Joint operations of supervisory authorities
            • Article 62.01
            • Article 62.02
            • Article 62.03
            • Article 62.04
            • Article 62.05
            • Article 62.06
            • Article 62.07
        • Chapter 07 – Section 02 – Consistency
          • Article 63: Consistency mechanism
          • Article 64: Opinion of the Board
            • Article 64.01
            • Article 64.02
            • Article 64.03
            • Article 64.04
            • Article 64.05
            • Article 64.06
            • Article 64.07
            • Article 64.08
          • Article 65: Dispute resolution by the Board
            • Article 65.01
            • Article 65.02
            • Article 65.03
            • Article 65.04
            • Article 65.05
            • Article 65.06
          • Article 66: Urgency procedure
            • Article 66.01
            • Article 66.02
            • Article 66.03
            • Article 66.04
          • Article 67: Exchange of information
        • Chapter 07 – Section 03 – European data protection board
          • Article 68: European Data Protection Board
            • Article 68.01
            • Article 68.02
            • Article 68.03
            • Article 68.04
            • Article 68.05
            • Article 68.06
          • Article 69: Independence
            • Article 69.01
            • Article 69.02
          • Article 70: Tasks of the Board
            • Article 70.01
            • Article 70.02
            • Article 70.03
            • Article 70.04
          • Article 71: Reports
            • Article 71.01
            • Article 71.02
          • Article 72: Procedure
            • Article 72.01
            • Article 72.02
          • Article 73: Chair
            • Article 73.01
            • Article 73.02
          • Article 74: Tasks of the Chair
            • Article 74.01
            • Article 74.02
          • Article 75: Secretariat
            • Article 75.01
            • Article 75.02
            • Article 75.03
            • Article 75.04
            • Article 75.05
            • Article 75.06
          • Article 76: Confidentiality
            • Article 76.01
            • Article 76.02
      • Chapter 08: Remedies, liability and penalties
        • Article 77: Right to lodge a complaint with a supervisory authority
          • Article 77.01
          • Article 77.02
        • Article 78: Right to an effective judicial remedy against a supervisory authority
          • Article 78.01
          • Article 78.02
          • Article 78.03
          • Article 78.04
        • Article 79: Right to an effective judicial remedy against a controller or processor
          • Article 79.01
          • Article 79.02
        • Article 80: Representation of data subjects
          • Article 80.01
          • Article 80.02
        • Article 81: Suspension of proceedings
          • Article 81.01
          • Article 81.02
          • Article 81.03
        • Article 82: Right to compensation and liability
          • Article 82.01
          • Article 82.02
          • Article 82.03
          • Article 82.04
          • Article 82.05
          • Article 82.06
        • Article 83: General conditions for imposing administrative fines
          • Article 83.01
          • Article 83.02
          • Article 83.03
          • Article 83.04
          • Article 83.05
          • Article 83.06
          • Article 83.07
          • Article 83.08
          • Article 83.09
        • Article 84: Penalties
          • Article 84.01
          • Article 84.02
      • Chapter 09: Provisions relating to specific processing situations
        • Article 85: Processing and freedom of expression and information
          • Article 85.01
          • Article 85.02
          • Article 85.03
        • Article 86: Processing and public access to official documents
        • Article 87: Processing of the national identification number
        • Article 88: Processing in the context of employment
          • Article 88.01
          • Article 88.02
          • Article 88.03
        • Article 89: Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
          • Article 89.01
          • Article 89.02
          • Article 89.03
          • Article 89.04
        • Article 90: Obligations of secrecy
          • Article 90.01
          • Article 90.02
        • Article 91: Existing data protection rules of churches and religious associations
          • Article 91.01
          • Article 91.02
      • Chapter 10: Delegated acts and implementing acts
        • Article 92: Exercise of the delegation
          • Article 92.01
          • Article 92.02
          • Article 92.03
          • Article 92.04
          • Article 92.05
        • Article 93: Committee procedure
          • Article 93.01
          • Article 93.02
          • Article 93.03
      • Chapter 11: Final provisions
        • Article 94: Repeal of Directive 95/46/EC
          • Article 94.01
          • Article 94.02
        • Article 95: Relationship with Directive 2002/58/EC
        • Article 96: Relationship with previously concluded Agreements
        • Article 97: Commission reports
          • Article 97.01
          • Article 97.02
          • Article 97.03
          • Article 97.04
          • Article 97.05
        • Article 98: Review of other Union legal acts on data protection
        • Article 99: Entry into force and application
          • Article 99.01
          • Article 99.02
  • Nigeria NDPA Digital Regulation
    • View Regulation – Nigeria NDPA – 2023
      • Part 01 – Objectives and Application
        • Article 01: Objectives
          • Article 01.01
        • Article 02: Application
          • Article 02.01
          • Article 02.02
        • Article 03: Exemption of Application
          • Article 03.01
          • Article 03.02
          • Article 03.03
          • Article 03.04
      • Part 02 – Establishment of the Nigeria Data Protection Commission and its Governing Council
        • Article 04: Establishment of the Nigeria Data Protection Commission
          • Article 04.01
          • Article 04.02
          • Article 04.03
          • Article 04.04
        • Article 05: Functions of the Commission
        • Article 06: Powers of the Commission
        • Article 07: Independence of the Commission
        • Article 08: Establishment of the Governing Council of the Commission
          • Article 08.01
          • Article 08.02
          • Article 08.03
        • Article 09: Appointment of members of the Council
          • Article 09.01
          • Article 09.02
        • Article 10: Tenure of members of the Council
          • Article 10.01
          • Article 10.02
        • Article 11: Cessation of Membership
          • Article 11.01
          • Article 11.02
          • Article 11.03
        • Article 12: Functions and Powers of the Council
          • Article 12.01
          • Article 12.02
        • Article 13: Conflict of Interest
          • Article 13.01
          • Article 13.02
      • Part 03 – Appointment of the National Commissioner, and Other Staff of the Commission
        • Article 14: Appointment of the National Commissioner for the Commission
          • Article 14.01
          • Article 14.02
          • Article 14.03
          • Article 14.04
        • Article 15: Secretary to the Council
        • Article 16: Staff of the Commission
        • Article 17: Staff Regulations and Discipline
          • Article 17.01
          • Article 17.02
        • Article 18: Pension
          • Article 18.01
          • Article 18.02
          • Article 18.03
      • Part 04 – Financial Provisions
        • Article 19: Funds of the Commission
          • Article 19.01
          • Article 19.02
          • Article 19.03
          • Article 19.04
        • Article 20: Expenditure of the Fund
          • Article 20.01
          • Article 20.02
        • Article 21: Power to Borrow and Accept Gifts
          • Article 21.01
          • Article 21.02
        • Article 22: Account and Audit
          • Article 22.01
          • Article 22.02
          • Article 22.03
          • Article 22.04
        • Article 23: Annual Reports and Estimates
          • Article 23.01
          • Article 23.02
      • Part 05 – Principles and Lawful Basis Governing Processing of Personal Data
        • Article 24: Principles of Personal Data Processing
          • Article 24.01
          • Article 24.02
          • Article 24.03
          • Article 24.04
        • Article 25: Lawful Basis of Personal Data Processing
          • Article 25.01
          • Article 25.02
        • Article 26: Consent
          • Article 26.01
          • Article 26.02
          • Article 26.03
          • Article 26.04
          • Article 26.05
          • Article 26.06
          • Article 26.07
        • Article 27: Provision of Information to the Data Subject
          • Article 27.01
          • Article 27.02
          • Article 27.03
        • Article 28: Data Privacy Impact Assessment
          • Article 28.01
          • Article 28.02
          • Article 28.03
          • Article 28.04
        • Article 29: Obligations of the Data Controller and Data Processor
          • Article 29.01
          • Article 29.02
        • Article 30: Sensitive Personal Data
          • Article 30.01
          • Article 30.02
          • Article 30.03
        • Article 31: Children or Persons Lacking the Legal Capacity to Consent
          • Article 31.01
          • Article 31.02
          • Article 31.03
          • Article 31.04
          • Article 31.05
          • Article 31.06
        • Article 32: Data Protection Officers
          • Article 32.01
          • Article 32.02
          • Article 32.03
        • Article 33: Data Protection Compliance Services
      • Part 06 – Rights of a Data Subject
        • Article 34: Rights of a Data Subject
          • Article 34.01
          • Article 34.02
        • Article 35: Withdrawal of Consent
          • Article 35.01
          • Article 35.02
        • Article 36: Right to Object
          • Article 36.01
          • Article 36.02
          • Article 36.03
          • Article 36.04
        • Article 37: Automated Decision Making
          • Article 37.01
          • Article 37.02
          • Article 37.03
        • Article 38: Data Portability
          • Article 38.01
          • Article 38.02
          • Article 38.03
      • Part 07 – Data Security
        • Article 39: Security, Integrity and Confidentiality
          • Article 39.01
          • Article 39.02
        • Article 40: Personal Data Breaches
          • Article 40.01
          • Article 40.02
          • Article 40.03
          • Article 40.04
          • Article 40.05
          • Article 40.06
          • Article 40.07
          • Article 40.08
          • Article 40.09
      • Part 08 – Cross-Border Transfers of Personal Data
        • Article 41: Basis for Cross-Border Transfer of Personal Data
          • Article 41.01
          • Article 41.02
          • Article 41.03
          • Article 41.04
        • Article 42: Adequacy of Protection
          • Article 42.01
          • Article 42.02
          • Article 42.03
          • Article 42.04
          • Article 42.05
          • Article 42.06
          • Article 42.07
        • Article 43: Other Bases for Transfer of Personal Data outside Nigeria
          • Article 43.01
          • Article 43.02
      • Part 09 – Registration and Fees
        • Article 44: Registration of Data Controllers and Data Processors of Major Importance
          • Article 44.01
          • Article 44.02
          • Article 44.03
          • Article 44.04
          • Article 44.05
          • Article 44.06
        • Article 45: Fees and Levies
      • Part 10 – Enforcement
        • Article 46: Complaints and Investigations
          • Article 46.01
          • Article 46.02
          • Article 46.03
          • Article 46.04
          • Article 46.05
          • Article 46.06
          • Article 46.07
          • Article 46.08
        • Article 47: Compliance Orders
          • Article 47.01
          • Article 47.02
          • Article 47.03
        • Article 48: Enforcement Orders
          • Article 48.01
          • Article 48.02
          • Article 48.03
          • Article 48.04
          • Article 48.05
          • Article 48.06
        • Article 49: Offences and Penalties
          • Article 49.01
        • Article 50: Judicial Review
        • Article 51: Civil Remedies
        • Article 52: Forfeiture
        • Article 53: Joint and Vicarious Liability
          • Article 53.01
          • Article 53.02
      • Part 11 – Legal Proceedings
        • Article 54: Limitation of Suits against the Commission
          • Article 54.01
          • Article 54.02
          • Article 54.03
          • Article 54.04
        • Article 55: Service of Documents
        • Article 56: Restriction on Execution against Property of the Commission
          • Article 56.01
          • Article 56.02
        • Article 57: Indemnity of staff, members, and employees of the Commission
        • Article 58: Power of Arrest, Search, and Seizure
          • Article 58.01
          • Article 58.02
          • Article 58.03
        • Article 59: Right to Appear in Court
      • Part 12 – Miscellaneous Provisions
        • Article 60: Directives by the Minister
        • Article 61: Regulations
          • Article 61.01
          • Article 61.02
          • Article 61.03
          • Article 61.04
        • Article 62: Directives, Codes, and Guidelines
        • Article 63: Priority of the Act
        • Article 64: Transitional Provisions
          • Article 64.01
          • Article 64.02
        • Article 65: Interpretation
          • Applicable Law
          • Automated Decision-Making
          • Binding Corporate Rules
          • Biometric Data
          • Certification Mechanism
          • Child
          • Commission
          • Competent Authority
          • Consent
          • Council
          • Court
          • Data Controller
          • Data Controller or Data Processor of Major Importance
          • Data Processor
          • Data Subject
          • Minister
          • National Commissioner
          • Personal Data
          • Personal Data Breach
          • President
          • Processing
          • Pseudonymisation
          • Sensitive Personal Data
          • Social Security Laws
        • Article 66: Citation
      • SCHEDULE
        • 01 – Council to Regulate Proceedings
          • Schedule 01
        • 02 – Presiding Officer
          • Schedule 02
        • 03 – Quorum
          • Schedule 03
          • Schedule 04
        • 04 – Voting
          • Schedule 05
          • Schedule 06
        • 05 – Teleconference Meeting
          • Schedule 07
          • Schedule 08
          • Schedule 09
        • 06 – Committees of the Council
          • Schedule 10
          • Schedule 11
          • Schedule 12
        • 07 – Seal of the Commission
          • Schedule 13
          • Schedule 14
          • Schedule 15
        • 08 – Miscellaneous
          • Schedule 16
          • Schedule 17
          • Schedule 18
  • UK GDPR Digital Regulation
• Documentation Templates
  • EU GDPR Documentation Templates
    • View Templates – EU GDPR
      • 01 – Template Register – EU GDPR
      • 02 – Data Protection Policy – EU GDPR
        • 02 – Template Articles – EU GDPR
        • 02 – Template Content – EU GDPR
          • 02.01 – Introduction
          • 02.02 – Purpose
          • 02.03 – Scope
          • 02.04 – Definition of Terms
          • 02.05 – References
          • 02.06 – Policy Statement & Applicability
          • 02.07 – Data Protection Principles
          • 02.08 – Rights of the Data Subject
          • 02.09 – Breach Management
          • 02.10 – Children’s Services
          • 02.11 – Complaints Management
          • 02.12 – Data Protection Reviews & Audits
          • 02.13 – Data Security
          • 02.14 – Data Storage, Retention and Disposal
          • 02.15 – Data Transfer
          • 02.16 – Data Protection Impact Analysis
          • 02.17 – Notices & Consent
          • 02.18 – Roles and Responsibilities
          • 02.19 – Records of Processing Activities
          • 02.20 – Subject Access Request Management
          • 02.21 – Third Party Services
          • 02.22 – Training & Awareness Management
          • 02.23 – Supervisory Authorities
      • 03 – Training Policy – EU GDPR
        • 03 – Template Content – EU GDPR
          • 03.01 – Introduction
          • 03.02 – Scope
          • 03.03 – Policy
          • 03.04 – Responsibilities
          • 03.05 – Training Content
      • 04 – Training Plan – EU GDPR
        • 04 – Template Content – EU GDPR
          • 04.01 – Training Schedule
          • 04.02 – Training Completion Tracker
      • 05 – Audit Management Policy – EU GDPR
        • 05 – Template Content – EU GDPR
          • 05.01 – Statement of Policy
          • 05.02 – Policy Scope
          • 05.03 – Policy Requirements
          • 05.04 – Audit Objectives
          • 05.05 – Audit Principles
          • 05.06 – Audit Scope
          • 05.07 – Audit Schedule
          • 05.08 – Audit Categories
          • 05.09 – Audit Responsibilities
          • 05.10 – Log of Compliance Audits
      • 06 – Audit Schedule – EU GDPR
        • 06 – Template Content – EU GDPR
          • 06.01 – Audit Schedule
          • 06.02 – Audit Register
          • 06.03 – Audit Recommendations
      • 07 – Audit Report – EU GDPR
        • 07 – Template Content – EU GDPR
          • 07.01 – Background
          • 07.02 – Scope of Audit
          • 07.03 – Audit Opinion
          • 07.04 – Summary of Audit Findings
      • 08 – Privacy Policy – EU GDPR
        • 08 – Template Content – EU GDPR
          • 08.01 – Privacy Policy for Customers
            • 08.01.01 – Introduction
            • 08.01.02 – Collection of Information
            • 08.01.03 – What Personal Data Do We Need
            • 08.01.04 – Use of Information
            • 08.01.05 – Automated Decision Making
            • 08.01.06 – Disclosure of Information
            • 08.01.07 – Your Choices
            • 08.01.08 – Your Rights
            • 08.01.09 – Security
            • 08.01.10 – Where We Store Your Data
            • 08.01.11 – How Long We Store Your Data
            • 08.01.12 – Complaints and Contacts
          • 08.02 – Privacy Policy for Employees
            • 08.02.01 – Introduction
            • 08.02.02 – What information does the organisation collect?
            • 08.02.03 – Why does the organisation process personal data?
            • 08.02.04 – Who has access to your data?
            • 08.02.05 – How does the organisation protect data?
            • 08.02.06 – For how long does the organisation keep data?
            • 08.02.07 – Your rights
            • 08.02.08 – What if you do not provide personal data?
            • 08.02.09 – Automated Decision Making
      • 09 – ROPA – EU GDPR
        • 09 – Template Content – EU GDPR
          • 09.01 – Records of Processing Activities
      • 10 – Subject Rights Notifications – EU GDPR
        • 10 – Template Content – EU GDPR
          • 10.01 – Data Accuracy – Subject Data Updates
          • 10.02 – Update Notice for Changes to Privacy Policy
          • 10.03 – Responses to Subject Access Requests
          • 10.04 – Notifying Other Controllers
      • 11 – Data Retention Policy – EU GDPR
        • 11 – Template Content – EU GDPR
      • 12 – Data Retention Schedule – EU GDPR
        • 12 – Template Content – EU GDPR
      • 13 – Protection Techniques Register – EU GDPR
        • 13 – Template Content – EU GDPR
      • 14 – Information Security Policy – EU GDPR
        • 14 – Template Content – EU GDPR
      • 15 – Security Certifications Register – EU GDPR
        • 15 – Template Content – EU GDPR
      • 16 – Personal Data Inventory – EU GDPR
        • 16 – Template Content – EU GDPR
      • 17 – Policies Register – EU GDPR
        • 17 – Template Content – EU GDPR
      • 18 – Consent Policy – EU GDPR
        • 18 – Template Content – EU GDPR
      • 19 – Consent Collection Points – EU GDPR
        • 19 – Template Content – EU GDPR
      • 20 – Consent Register – EU GDPR
        • 20 – Template Content – EU GDPR
      • 21 – Web Forms – EU GDPR
        • 21 – Template Content – EU GDPR
      • 22 – Data Subjects Rights Policy – EU GDPR
        • 22 – Template Content – EU GDPR
      • 23 – Data Subjects Rights Request Register – EU GDPR
        • 23 – Template Content – EU GDPR
      • 24 – Cookies Policy – EU GDPR
        • 24 – Template Content – EU GDPR
      • 25 – Privacy Notices – EU GDPR
        • 25 – Template Content – EU GDPR
      • 26 – Privacy Notices Register – EU GDPR
      • 27 – Subject Access Request Policy – EU GDPR
      • 28 – Subject Access Request Register – EU GDPR
      • 29 – Data Breach Policy – EU GDPR
      • 30 – Data Breach Register- EU GDPR
      • 31 – Data Breach Notifications – EU GDPR
      • 32 – DPO Job Description – EU GDPR
      • 33 – DPO Appointment Letter – EU GDPR
      • 34 – Outsourced DPO Agreement – EU GDPR
      • 35 – DPO Skills Assessment & Verification – EU GDPR
      • 36 – DPIA Policy – EU GDPR
      • 37 – DPIA Register – EU GDPR
      • 38 – Third Party Management Policy – EU GDPR
      • 39 – Data Processor Agreement – EU GDPR
      • 40 – Declaration Requests – EU GDPR
      • 41 – Declaration Tracker – EU GDPR
      • 42 – Contractor Register – EU GDPR
      • 43 – Contract Register – EU GDPR
      • 44 – Joint Controller Agreement – EU GDPR
      • 45 – Backup Policy – EU GDPR
      • 46 – Privacy by Default Policy – EU GDPR
      • 47 – Information Risk Management Policy – EU GDPR
      • 48 – Information Risk Register – EU GDPR
      • 49 – Complaints Policy – EU GDPR
      • 50 – Data Protection Jurisdictions – EU GDPR
      • 51 – Complaints Register – EU GDPR
      • 52 – GDPR Representative Job Description – EU GDPR
      • 53 – GDPR Representative Agreement – EU GDPR
      • 54 – Representative Log – EU GDPR
• Implementation Frameworks
  • EU GDPR Implementation Framework
    • View Framework – EU GDPR
      • Article 05.01 Framework – Principles
        • Article 05.01.a Framework – Principles – Lawfulness, fairness and transparency
        • Article 05.01.b Framework – Principles – Purpose Limitation
        • Article 05.01.c Framework – Principles – Data Minimisation
        • Article 05.01.d Framework – Principles – Data Accuracy
        • Article 05.01.e Framework – Principles – Storage Limitation
        • Article 05.01.f Framework – Principles – Integrity and Confidentiality
      • Article 05.02 Framework – Compliance Accountability
  • UK GDPR Implementation Framework