Achieve GDPR Policy Compliance today!

General Data Protection Regulation - GDPR Policy Mapping


GDPR Policy Template

Our pre-written GDPR policy is fully compliant with the General Data Protection Regulation (EU) 2016/679. This policy is different from a standard InstantSecurityPolicy.com document in that it is a pre-written Microsoft Word document that already complies with GDPR. The mapping below outlines how this policy meets each article of GDPR. You will receive our premium, professionally designed product to meet your company's needs within minutes.

InstantSecurityPolicy.com has provided policies to thousands of companies in all 50 US States and over 40 countries around the world. We used this experience to develop an IT policy template that is fully compliant with the General Data Protection Regulation. This IT policy template is comprehensive, complete, and ready for you to implement in your organization. You will also get a money-back guarantee; however, with a customer satisfaction rate of over 99.5%, we do not think you will need it!





| Article | Title | Primary Section | Secondary Section |
|---|---|---|---|
| 1 | Subject-matter and objectives | N/A | GDPR introductory section |
| 2 | Material scope | N/A | GDPR introductory section |
| 3 | Territorial scope | N/A | GDPR introductory section |
| 4 | Definitions | Appendix B: Definitions (relevant definitions included) | GDPR introductory section |
| 5 | Principles relating to personal data processing | Personal Data Protection Policy, Section 4.2 Lawful Basis for processing | Retention Policy, Section 4.3.3 Confidential Data |
| 6 | Lawfulness of processing | Personal Data Protection Policy, Section 4.2 Lawful Basis for processing | |
| 7 | Conditions for consent | Personal Data Protection Policy, Section 4.2.1 Consent | Email Policy, Section 4.1.6 Mass Emailing |
| 8 | Conditions applicable to child's consent in relation to information society services | Personal Data Protection Policy, Section 4.2.1 Consent | |
| 9 | Processing of special categories of personal data | Confidential Data Policy, Section 4.2 Examples of Confidential Data | Personal Data Protection Policy, Section 4.2 Lawful Basis for processing |
| 10 | Processing of data relating to criminal convictions and offences | Confidential Data Policy, Section 4.2 Examples of Confidential Data | Personal Data Protection Policy, Section 4.2 Lawful Basis for processing |
| 11 | Processing which does not require identification | Personal Data Protection Policy, Section 4.1 Types of Data | Retention Policy, Section 4.3.3 Confidential Data |
| 12 | Transparent information, communication and modalities for the exercise of the rights of the data subject | Personal Data Protection Policy, Section 4.4.1 Right to be Informed | |
| 13 | Information to be provided where personal data are collected from the data subject | Personal Data Protection Policy, Section 4.4.1 Right to be Informed | |
| 14 | Information to be provided where personal data have not been obtained from the data subject | Personal Data Protection Policy, Section 4.4.1 Right to be Informed | Acceptable Use Policy, Section 4.7 Recognizing and Reporting a Personal Data Request |
| 15 | Right of access by the data subject | Personal Data Protection Policy, Section 4.4.2 Right of Access | Acceptable Use Policy, Section 4.7 Recognizing and Reporting a Personal Data Request |
| 16 | Right to rectification | Personal Data Protection Policy, Section 4.4.3 Right to Rectification | Acceptable Use Policy, Section 4.7 Recognizing and Reporting a Personal Data Request |
| 17 | Right to erasure ('right to be forgotten') | Personal Data Protection Policy, Section 4.4.4 Right to be Forgotten | Acceptable Use Policy, Section 4.7 Recognizing and Reporting a Personal Data Request |
| 18 | Right to restriction of processing | Personal Data Protection Policy, Section 4.4.5 Right to Restrict Processing | Acceptable Use Policy, Section 4.7 Recognizing and Reporting a Personal Data Request |
| 19 | Notification obligation regarding rectification or erasure of personal data or restriction of processing | Personal Data Protection Policy, Section 4.5 General Obligations | Acceptable Use Policy, Section 4.7 Recognizing and Reporting a Personal Data Request |
| 20 | Right to data portability | Personal Data Protection Policy, Section 4.4.6 Right to Data Portability | Acceptable Use Policy, Section 4.7 Recognizing and Reporting a Personal Data Request |
| 21 | Right to object | Personal Data Protection Policy, Section 4.4.7 Right to Object | Acceptable Use Policy, Section 4.7 Recognizing and Reporting a Personal Data Request |
| 22 | Automated individual decision-making, including profiling | Personal Data Protection Policy, Section 4.4.8 Rights Related to Automated Decision Making | |
| 23 | Restrictions | N/A | Covers potential restriction of the GDPR by member or state law, not applicable to policies. |
| 24 | Responsibility of the controller | Personal Data Protection Policy, Section 4.5 General Obligations | |
| 25 | Data protection by design and by default | Personal Data Protection Policy, Section 4.5 General Obligations | |
| 26 | Joint controllers | Data Processing Agreement Policy, Section 4.3.1 Acting as a Controller | |
| 27 | Representatives of controllers not established in the Union | Personal Data Protection Policy, Section 4.5 General Obligations | |
| 28 | Processor | Data Processing Agreement Policy, Section 4.3.2 Acting as a Processor | |
| 29 | Processing under the authority of the controller or processor | Data Processing Agreement Policy, Section 4.3.2 Acting as a Processor | |
| 30 | Records of processing activities | Personal Data Protection Policy, Section 4.6.1 Controller Requirements | |
| 31 | Cooperation with the supervisory authority | Data Processing Agreement Policy, Section 4.3.2 Acting as a Processor | |
| 32 | Security of processing | Confidential Data Policy (in whole), Network Security Policy (in whole), Personal Data Protection Policy (in whole), Incident Response Policy (in whole) | |
| 33 | Notification of a personal data breach to the supervisory authority | Breach Notification Policy, Section 4.4.1 When to Notify Supervisory Authority | |
| 34 | Communication of a personal data breach to the data subject | Breach Notification Policy, Section 4.4.2 When to Notify Individuals | |
| 35 | Data protection impact assessment | Personal Data Protection Policy, Section 4.7 Data Protection Impact Assessments | |
| 36 | Prior Consultation | Personal Data Protection Policy, Section 4.7 Data Protection Impact Assessments | |
| 37 | Designation of the data protection officer | Personal Data Protection Policy, Section 4.8 Data Protection Officer | |
| 38 | Position of the data protection officer | Personal Data Protection Policy, Section 4.8 Data Protection Officer | |
| 39 | Tasks of the data protection officer | Personal Data Protection Policy, Section 4.8 Data Protection Officer | |
| 40 | Codes of Conduct | Personal Data Protection Policy, Section 4.9 Codes of Conduct and Certification | |
| 41 | Monitoring of approved codes of conduct | Personal Data Protection Policy, Section 4.9 Codes of Conduct and Certification | |
| 42 | Certification | Personal Data Protection Policy, Section 4.9 Codes of Conduct and Certification | |
| 43 | Certification bodies | Personal Data Protection Policy, Section 4.9 Codes of Conduct and Certification | |
| 44 | General principle for transfers | Personal Data Protection Policy, Section 4.10 International Data Transfers | |
| 45 | Transfers on the basis of an adequacy decision | Personal Data Protection Policy, Section 4.10 International Data Transfers | |
| 46 | Transfers subject to appropriate safeguards | Personal Data Protection Policy, Section 4.10 International Data Transfers | |
| 47 | Binding corporate rules | Personal Data Protection Policy, Section 4.10 International Data Transfers | |
| 48 | Transfers or disclosures not authorised by union law | Personal Data Protection Policy, Section 4.10 International Data Transfers | |
| 49 | Derogations for specific situations | Personal Data Protection Policy, Section 4.10 International Data Transfers | |
| 50 | International cooperation for the protection of personal data | Personal Data Protection Policy, Section 4.10 International Data Transfers | |
| 51 - 67 | Various | N/A | Specifies requirements for Supervisory Authorities, not applicable to policies. |
| 68 - 76 | Various | N/A | Specifies tasks for the European Data Protection Board, not applicable to policies. |
| 77 | Right to lodge a complaint with a supervisory authority | Personal Data Protection Policy, 4.4 Notice to Individuals | Policies don't specifically cover data subjects, but they do specify company requirements to notify data subjects of their rights |
| 78 | Right to an effective judicial remedy against a supervisory authority | Personal Data Protection Policy, 4.4 Notice to Individuals | Policies don't specifically cover data subjects, but they do specify company requirements to notify data subjects of their rights |
| 79 | Right to an effective judicial remedy against a controller or processor | Personal Data Protection Policy, 4.4 Notice to Individuals | Policies don't specifically cover data subjects, but they do specify company requirements to notify data subjects of their rights |
| 80 - 83 | Various | N/A | Policies don't cover the rights of data subjects where those rights don't impact company policies |
| 84 - 91 | Various | N/A | Policies don't cover the obligations of member states where those obligations don't impact company policies |
| 92 - 99 | Various | N/A | Policies don't cover the obligations of the Commission where those obligations don't impact company policies |
