General Data Protection Regulations (GDPR)

Friday 16th March 2018

The date for the new GDPR coming into force (25 May 2018) is fast approaching? Are you ready yet?

We want to give you a flavour of what we are doing for other clients and there are a number of options.

Listed below is the suite of core documents we provide for GDPR compliance in the UK. These cover both employment-related and wider commercial documents; they are generic and, as with any contract variations, you will need to check your variation provisions. It is necessary for you to carry out the necessary review and tailor the documents accordingly.

The suite includes:

  1. Guidance note (this note explains all the documents you have been provided with and how to use or amend them);
  2. Data Protection Policy;
  3. Letter of variation;
  4. Data processing clauses (pro-controller);
  5. Data processing clauses (pro-processor);
  6. Privacy notices;
  7. Privacy policy;
  8. Employment applicant privacy policy;
  9. Variation letter for existing employment contracts;
  10. GDPR clauses for new employment contracts;
  11. Staff privacy policy (to sit within your HR handbook or intranet);
  12. Equal opportunities monitoring form; and
  13. GDPR Key principles guidance note (provides a general overview of the GDPR and guidance on compliance).


If preferred, we also offer a service whereby we work with you to become GDPR compliant.

Phase one is a data audit and compliance gap analysis report which makes recommendations as to what specific policies and documents you need.

Phase two is the drafting of specific documents to meet the recommendations.

If there is anything you need, or you would simply like a second view on what you have done so far, please let us know.