Below is the most up-to-date guidance and useful documents to help you comply with GDPR.
The ICO regularly publishes maintained guidance
Employment practices and data protection - Monitoring Workers.
The ICO has checklists available to small businesses to assess the robustness of their compliance.
The ICO also offers a free advisory check-up service for small businesses (fewer than 50 employees), providing them with valuable data protection advice.
A self-assessment tool in case of data breach is available on the ICO website.
A privacy notice generator is available on the ICO website to assist small businesses in creating a bespoke privacy notice in a few simple steps.
For your internal use and adaptation.
This document is a precedent to guide APSCo members only. All sections highlighted in yellow require customisation to fit your business circumstances. Please read the accompanying guidance below.
A privacy notice informs data subjects about how an organisation collects, uses, stores, transfers and secures personal data. This guidance will assist members with putting together their privacy notice.
For attachment as a schedule when entering into an agreement with a party processing data outside of the EEA.
The ICO has published several International Data Transfer Agreement and Addendum templates to replace the standard contractual clauses for international transfer.
This ICO guidance covers when a DPIA needs to be conducted, how to conduct it and whether you should consult the ICO following its result. The guidance also provides you with examples of processing likely to result in high risk.
To be used to conduct your DPIA assessment.
This contract is intended to be used between you as the recruitment company and your own internal staff. It is a contract of employment and requires plenty of consideration when drafting. It has now been updated to reflect the GDPR.
Your major suppliers will be amending their own terms to incorporate the controller-processor terms required under the GDPR.
This guidance covers some of the relevant issues to consider before entering into any data sharing arrangement to help ensure your arrangement is compliant with the data protection legislation in the UK. The GDPR sets out more prescriptive requirements of what should be in a data processing agreement between data controllers and data processors.
The National Cyber Security Centre (NCSC) offers 10 Steps Cyber Security guidance that businesses can use to protect themselves in cyberspace.