GDPR Documents, Templates & Toolkits

FLANK is the world’s leading provider of GDPR policy templates, toolkits, policies – and more – essential documentation available for instant download today for compliance with the General Data Protection Regulation for controllers and processors. Our product offering for GDPR documents & toolkits includes the following:

GDPR All-in-One Global Compliance Toolkit

FLANK offers the most in-depth set of GDPR documents available anywhere in the world. As a controller or processor, you need documentation, and quite a bit of it. You need documents for information security, H.R. privacy, operations, and much more, and FLANK has them. Our GDPR All-in-One Global Compliance Toolkit includes essential compliance documents, and much more.

ISO 27001/27002 All-in-One Toolkit

Both the ISO 27001/27002 framework and the GDPR originate from Europe, which means EU controllers and processors can take comfort in implementing ISO-specific policies and procedures for helping comply with the GDPR. If your goal is a mature, well-designed Information Security Management System (ISMS), then the toolkit is a must-have.

GDPR Compliance Checklist

We offer an incredibly easy-to-use and implement GDPR compliance checklist that covers all essential “Articles” and their requirements for both controllers and processors looking for much-needed guidance. The checklist has been authored by leading global cybersecurity and regulatory compliance professionals.

Data Protection Impact PRE-Assessment Determination

As a controller or processor, do you know if you need to perform a Data Protection Impact Assessment (DPIA)? Not sure? Then use our quick-and-easy pre-assessment determination template. It’s free of charge and available for instant download today.

GDPR Data Protection Impact Assessment (DPIA)

Performing a Data Protection Impact Assessment (DPIA) can be incredibly taxing and challenging, mostly because there is no real structured guidance in the form of a documented program. FLANK has developed the world’s leading DPIA program: a comprehensive MS Word template that’s easy to use and highly essential for compliance with the GDPR. As the first firm to market with a professionally developed, cost-effective DPIA template, controllers can now complete this critical assignment in relatively short order.

Information Security & Cybersecurity Policy and Procedures

Complying with the GDPR – especially with Article 32 and the mandate to “…implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk…” – requires information security policies, procedures, and processes. As a controller or processor, if you haven’t adopted an InfoSec framework (e.g., ISO 27001/27002, NIST 800) and put in place the necessary documents, then FLANK’s Information Security & Cybersecurity Policy and Procedures Manual is what you need.

Need evidence from the GDPR as to the importance of information security? Article 32(1)b discusses “the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.” This is the well-known CIA triad of information security, which can be met by having comprehensive information security policies, procedures, and processes in place – those offered by FLANK for instant download.

Business Continuity and Disaster Recovery Planning

Article 32(1)c, "the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident", and Article 32(1)d, "a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing", ultimately require a well-formalized and documented Business Continuity and Disaster Recovery Planning/Contingency Planning (BCDRP/CP) program to be in place.

FLANK offers an incredibly detailed, well-written, and easy-to-use and implement program that’s available for instant download. Even without the GDPR compliance requirements for such a mandate, every business should have a BCDRP/CP program in place for best practices. Get yours today from FLANK and get compliant.

Cyber Incident Response and Breach Reporting Program – GDPR

Per Article 32, “In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority…” Therefore, controllers and processors need a well-formalized, documented cyber incident response and breach reporting program for the GDPR.

FLANK offers an incredibly detailed, well-written, and easy-to-use and implement program that’s available for instant download. Even without the GDPR compliance requirements for such a mandate, every business should have an incident response and breach reporting program in place for best practices. Get yours today from FLANK and get compliant.

Third-Party Due-Diligence and Vendor Management for GDPR

Per various Articles within the GDPR (e.g., Article 28, Article 29, and others), controllers have certain obligations for ensuring that processors and other related entities comply with the GDPR framework. This means putting in place a program for assessing and monitoring downstream providers. FLANK offers a comprehensive Third-Party Due-Diligence and Vendor Management Program for the GDPR to help controllers (and processors) carry out necessary due-diligence measures. In today’s world of growing outsourcing, it’s more important than ever to monitor your third-party relationships. Download the Third-Party Due-Diligence and Vendor Management Program for the GDPR today.

Risk Management and Risk Assessment Program

Almost every concept in business revolves around that of risk. What are the risks to your business? How do you assess and treat such risks? What initiatives do you have in place for removing risks? The GDPR speaks to the concept of risk repeatedly, in both the “Articles” and the “Recitals” of the regulation. For ensuring full compliance with the GDPR, controllers and processors need to be assessing their risks on a regular basis. FLANK provides a Risk Management and Risk Assessment Program that’s available for instant download.

Personal Data Inventory for Data Subjects Matrix

As a controller or processor, do you have a complete and accurate listing of all personal data of data subjects? If not, then it’s time to use FLANK’s Personal Data Inventory for Data Subjects Matrix, which is available for instant download. The matrix contains the following fields for ensuring full coverage of personal data you’re storing, processing, and/or transmitting for EU data subjects:

  • Data Type
  • Description
  • Lawfulness, Fairness, and Transparency
  • Collection Purposes
  • Data Minimization
  • Special Category of Data?
  • Accuracy
  • Processing Safeguards
  • Format
  • Data Storage Protocols
  • Data Transfer Protocols

Data Protection Policy and Procedures

An important element of GDPR compliance is having a well-written policy describing various aspects of protecting personal data for data subjects. FLANK’s Data Protection policy and procedures templates are comprehensive, easy to implement, and include full coverage of all critical data protection topics, including the types of media on which personal data resides. Download the Data Protection policy and procedures MS Word template today from FLANK.

Additional GDPR Compliance Policy Templates

The above listing of our GDPR policy templates and toolkits is always changing, so please visit flank.org to see the most current list.