Helpful tools, templates, and official guidance to support your privacy work
Links to authoritative sources and regulatory bodies
The UK's independent authority set up to uphold information rights. Essential for UK GDPR guidance.
Visit ICO →
Independent European body contributing to consistent application of data protection rules across the EU.
Visit EDPB →
The full text of the UK's Data Protection Act 2018 on legislation.gov.uk.
Read Legislation →
The complete General Data Protection Regulation text from EUR-Lex, the official EU law database.
Read GDPR →
Practical tools directly from the Information Commissioner's Office
ICO's official tool to check your organisation's data protection compliance.
Take Assessment →
Work through questions to identify the most appropriate lawful basis for your processing.
Use Tool →
Comprehensive guidance on when and how to conduct Data Protection Impact Assessments.
Read Guidance →
The official ICO portal for reporting personal data breaches within 72 hours.
Report Breach →
Downloadable resources to help with your compliance activities
A structured template for responding to Subject Access Requests within the statutory timeframe.
View Template →
A Records of Processing Activities template compliant with Article 30 requirements.
View Template →
A checklist to help you assess whether a breach is reportable and document your decision.
View Checklist →
A comprehensive Data Protection Impact Assessment template based on ICO guidance.
View Template →
Essential data protection terminology explained
Any information relating to an identified or identifiable natural person ('data subject'). This includes names, identification numbers, location data, online identifiers, or factors specific to physical, physiological, genetic, mental, economic, cultural or social identity.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning sex life or sexual orientation. This data requires additional protections.
One of six legal grounds that must be established before processing personal data: consent, contract, legal obligation, vital interests, public task, or legitimate interests.