This content is locked!


To access this resource log in or Subscribe to Core.

Get instant access to 3 free resources of your choice. No credit card required.

Sign up now for free access

Form

Medical report consent form

Medical report consent form

Last Modified
Previously modified

This model medical report consent form explains rights relating to a request for a medical report from the employee's GP, including the specifics of the request for information, the employee's rights under the Access to Medical Reports Act 1988, the employee's right to see the report, and the interaction with the GDPR and current data protection legislation.

Medical report consent form

Data rectification request form

Data rectification request form

Last Modified
Previously modified

Data subjects have the right to have their data rectified if it is inaccurate or incomplete. This form can be used by a data subject to request that data be rectified, in line with GDPR and current data protection legislation.

Data rectification request form

Job applicant privacy notice

Job applicant privacy notice

Last Modified
Previously modified

A privacy notice can be used as part of a data protection compliance system and explains how you use data in line with GDPR and current data protection legislation. This version is to be used for your job applicants; a separate version exists for employees.

Job applicant privacy notice

Consent form for existing employees

Consent form for existing employees

Last Modified
Previously modified

This form can be used when refreshing consent already obtained from employees  before the implementation of GDPR, where no other lawful basis applies. You must include the specific reasons for different data processing activities.   

Consent form for existing employees (GDPR compliant)

Consent form for new employees

Consent form for new employees

Last Modified
Previously modified

This form can be used to obtain consent for processing data from new employees, where no other lawful basis applies, in compliance with GDPR and data protection legislation. You must include the specific reasons for different data processing activities. 

Consent form for new employees

Data objection request form

Data objection request form

Last Modified
Previously modified

Data subjects have the right to object to the processing of their data in certain situations. This form can be used by a data subject to object to that processing and requires the data subject to include their reason for the request, in line with GDPR and current data protection legislation.

Data objection request form

Consent form for employees who leave

Consent form for employees who leave

Last Modified
Previously modified

This consent form can be used to obtain consent from employees who leave your organisation for any data you wish to continue to process which does not fall under a separate lawful basis, in line with GDPR and data protection legislation.

Consent form for employees who leave

HR data audit form

HR data audit form

Last Modified
Previously modified

You can use this form to complete your HR data audit in line with GDPR and current data protection legislation. It enables you to review the life cycle of data that you process including the types of data, the reason for the processing, and the security measures you take.

HR Data audit form
Download

Data deletion request form

Data deletion request form

Last Modified
Previously modified

Data subjects have the right to have their data deleted in certain situations. This form can be used by a data subject to request deletion. It requires the data subject to include their reason for the request, in line with GDPR and current data protection legislation.

Data deletion request form (GDPR compliant)

HR data record (GDPR compliant)

HR data record (GDPR compliant)

Last Modified

You should use this form to keep an ongoing record of the HR data you process and the lawful basis on which it is processed. You should regularly review the information on this record and ensure it is fully up to date.

HR data record (GDPR compliant)

Data restriction request form

Data restriction request form

Last Modified
Previously modified

Data subjects have the right to have the processing of their data restricted in certain situations. This form can be used by a data subject to request restriction. It requires the data subject to include their reason for the request, in line with GDPR and current data protection legislation.

Data restriction request form

Policy

Data protection policy

Data protection policy

Last Modified
Previously modified

This policy outlines the Company's approach to protecting data in the workplace in accordance with GDPR and current data protection legislation, including data protection procedures, access to data,  disclosures and security of data, how the Company will notify a breach, training and the identification of officers responsible for data protection.

 

Data protection policy
Download

Data transfer security policy

Data transfer security policy

Last Modified
Previously modified

This policy, containing relevant references to GDPR and current data protection legislation, covers definitions, the law, transferring data, memory sticks, action to be taken if data goes missing and negligent transfer of data.

Data transfer security policy

Monitoring policy

Monitoring policy

Last Modified
Previously modified

This policy, containing references to GDPR and current data protection legislation, outlines the Company's approach to monitoring in the workplace, including CCTV, email, internet, telephone and related data protection issues. The policy outlines the extent of monitoring in the workplace and states that the Company may use information gathered through employee monitoring as the basis for disciplinary action against employees. It also allows for identification of the Company's Data Protection Officer.

Monitoring policy
Download

Subject access request policy

Subject access request policy

Last Modified
Previously modified

This policy gives details about how the organisation will handle a subject access request under the GDPR and in line with current data protection legislation.

Subject access request policy

Freedom of Information Act compliance policy

Freedom of Information Act compliance policy

Last Modified
Previously modified

The Freedom of Information Act gives a legal right for any person to ask an organisation within the public sector for access to information that it holds. This policy outlines the procedure to be followed when someone asks for information under the Act.

Freedom of Information Act compliance policy

Data breach notification policy

Data breach notification policy

Last Modified
Previously modified

This policy includes the definition of a breach, allows for the inclusion of data breach detection methods, and sets out the circumstances where notification is needed, both to the supervisory authority and the individuals whose data was subject to a breach. This policy is in line with GDPR and current data protection legislation.

Data breach notification policy

HR data retention policy

HR data retention policy

Last Modified
Previously modified

This policy gives details about how the organisation will retain HR personal data under the GDPR and in line with current data protection legislation. The policy includes a schedule of retention detailing the types of personal HR data and the retention period which applies to each type of data.

HR data retention policy

Policy on data subject rights

Policy on data subject rights

Last Modified
Previously modified

Under the GDPR and current data protection legislation, data subjects have many rights in relation to their data. This policy sets out those rights, and the criteria attached to exercising them.

Policy on data subject rights

Letter

Letter asking employee to pay a fee relating to subject access request

Letter asking employee to pay a fee relating to subject access request

Last Modified
Previously modified

Use this letter to request the payment of a fee on receipt of a subject access request in line with GDPR and current data protection legislation. Please note under the GDPR a reasonable fee can only be requested where the request is manifestly unfounded, excessive, repetitive or further requests of the same information are made.

 

Letter asking an employee to pay a fee relating to subject access

Letter asking an employee to provide proof of identity relating to subject access request

Letter asking an employee to provide proof of identity relating to subject access request

Last Modified
Previously modified

Use this letter to ask an employee to provide proof of identity before access can be granted to personal data held by the company, in line with GDPR and current data protection legislation.

Letter asking an employee to provide proof of identity relating to subject access request

Letter in response to a subject access request

Letter in response to a subject access request

Last Modified
Previously modified

Use this letter to acknowledge an employee’s request to see a copy of the personal data held by their employer and enclose a copy and description of the data held, for what purposes it has been used, who has seen it, how it was obtained, how long it will be kept for, and the employee's rights in relation to the data. There are also options to explain why data has been withheld. This template complies with GDPR and current data protection legislation.

 

Letter in response to a subject access request

Letter informing of extension of time to comply with subject access request

Letter informing of extension of time to comply with subject access request

Last Modified
Previously modified

Use this letter to inform the employee of the reason why the time to comply with the subject access request has been extended, in line with GDPR and current data protection legislation. Please note under the GDPR the time to comply can only be extended to three months from the date of receipt of the request.

Letter informing of extension of time to comply with subject access request

Letter to the doctor of an employee requesting medical report

Letter to the doctor of an employee requesting medical report

Last Modified
Previously modified

This letter requests a medical report from an employee's doctor or consultant on an employee's current state of health and a prognosis of future health for a specified period. It must be accompanied by a signed medical consent form and by a copy of the employee’s job description.

Letter to the doctor of an employee requesting medical report

Template

Employee privacy notice

Employee privacy notice

Last Modified
Previously modified

A privacy notice can be used as part of a data protection compliance system and explains how you use data in line with GDPR and current data protection legislation. This version is to be used for your employees; a separate version exists for job applicants.

Employee privacy notice
Download

Confidentiality agreement

Confidentiality agreement

Last Modified
Previously modified

This agreement outlines that an employee agrees to keep secret and not at any time either during their employment or after its termination, use, communicate or reveal to any person for the employee’s or any other person’s benefit, any trade secret or confidential information concerning the business, finances or organisation of the Company or any associated company, their systems, techniques or know how of their suppliers or customers. The agreement clarifies the type of information which is considered to be secret and confidential. It also requires the individual to familiarise themselves with the provisions of data protection rules.

Confidentiality agreement

Contractor privacy notice

Contractor privacy notice

Last Modified
Previously modified

A privacy notice can be used as part of a data protection compliance system and explains how you use data in line with GDPR and current data protection legislation. This version is to be used for contractors whose services you engage.

Contractor privacy notice

Contract clauses