Helping Hand - compliance checklists & Templates

Handley Gill offers compliance checklists to support compliance with data protection legislation (including the UK GDPR, Data Protection Act 2018 (DPA 2018), GDPR and Privacy and Electronic Communications Regulations (PECR)), the Online Safety Act 2023, and Artificial Intelligence (AI), Human Rights and ESG.

1. UK data protection legislation compliance checklist for UK-based organisations

2. UK data protection legislation compliance checklist for ex-UK organisations

3. Making a data subject access request (DSAR) checklist

4. Data subject access request compliance checklist

5. Transferring personal data from the UK - overseas under the UK GDPR

6. Trans-Atlantic EU-US Data Privacy Framework (DPF) self-certification checklist

7. Deploy artificial intelligence (AI) responsibly, safely & ethically checklist

8. Incident Response Plan

9. Data processor / supply chain information security risk assessment checklist

10. Directors’ statutory duties and Institute of Directors’ Code of Conduct for Directors obligations

Not sure where to start with your data protection compliance? Are you a start-up, micro-business or SME needing to understand data protection legislation and your obligations? Are you a data protection officer (DPO) or other individual with responsibility for data protection compliance looking to ensure that your organisation’s data protection compliance regime is fit for purpose? In the first of Handley Gill’s Helping Hand series, we have produced a checklist for UK-based organisations on the steps they should take to comply with UK data protection legislation.

Organisations outside the UK may still be subject to UK data protection legislation. Organisations operating in both the EEA and the UK now have two separate regimes to comply with. To help you understand whether and how the UK GDPR (the UK’s post-Brexit version of the EU General Data Protection Regulation) applies to organisations outside the UK, as part of Handley Gill’s Helping Hand series we have produced a checklist for foreign organisations on the steps they should take to comply with UK data protection legislation.

A data subject access request is a right afforded to living individuals to enable them to obtain a copy of their personal data from a data controller. This can be a valuable tool, particularly in the context of a dispute or raising a grievance, and can demonstrate the basis for any adverse decision enabling it to be challenged. As part of Handley Gill’s Helping Hand series we have produced a checklist to assist individuals to formulate and submit a data subject access request, or DSAR. You can also read our related blog post.

Received a data subject access request? Not sure how to approach managing your response to the DSAR? Want to make sure you haven’t skipped a step in the process? As part of Handley Gill’s Helping Hand series we have produced a checklist to support organisations in handling data subject access requests. You can also read our blog post, ‘Dominate that DSAR’.

As part of Handley Gill’s Helping Hand series we have produced a checklist to support UK data exporters proposing to transfer personal data overseas under the UK GDPR.

Considering self-certifying under the new Trans-Atlantic EU-US Data Privacy Framework (EU-US DPF) for the first time? Want to understand the requirements in order to self-certify under the EU-US DPF? Already certified under the Privacy Shield Framework and want to confirm your compliance with its requirements before re-certifying or certifying under the new EU-US DPF regime? Do you want to understand the level of protection data importers are obliged to provide when self-certifying under the EU-US DPF? As part of Handley Gill’s Helping Hand series we have produced a checklist to support US data importers who wish to self-certify under the new Trans-Atlantic EU-US Data Privacy Framework (EU-US DPF), which replaces the Privacy Shield Framework which has been defunct since the Schrems II judgment in July 2020, and therefore remove the need for data exporters in the EEA (and, shortly, the UK) to enter into the modernised standard contractual clauses (SCCs) or International Data Transfer Agreement (IDTA) with supplementary measures. You can also read our blog post, ‘Certify…certify me!‘.

If your organisation is considering whether to use artificial intelligence (AI), or staff are already using AI and you need to consider how to do so responsibly, safely and ethically, use our Helping Hand checklist to point you in the right direction.

If your organisation has suffered a cyber security incident and/or data breach, use our Helping Hand incident response plan checklist to inform your response.

Data controllers are obliged to ensure that their data processors provide sufficient guarantees that they will take appropriate technical and organisational measures to support compliance with the UK GDPR / GDPR, but many organisations admit to failing to conduct information security risk assessments in relation to their supply chains. Informed by the NCSC’s guidance, use our Helping Hand data processor / supply chain information security risk assessment checklist to support your implementation of checks on your suppliers.

As well as their legal duties as established under the Companies Act 2006, the Institute of Directors’ voluntary Code of Conduct for Directors establishes good industry practice for directors in fulfilling their roles.