Guidance and Documents
Below are the most up-to-date guidance and useful documents to help you comply with GDPR.
ICO Guidance
The ICO regularly publishes guidance (which is maintained). Click here for more details.
Employment practices and data protection - Monitoring Workers. Click here for more details.
The ICO has checklists available to small businesses to assess the robustness of their compliance. Click here for more details.
The ICO also offers a free advisory check-up service for small businesses (fewer than 50 employees), providing them with valuable data protection advice. Click here for more details.
A self-assessment tool in case of data breach is available on the ICO website. Click here for more details.
A Privacy notice generator is available on the ICO website to assist small businesses in creating a bespoke privacy notice in a few simple steps. Click here for more details.
The ICO has launched a new Data Protection Audit Framework designed to help organisations assess their own compliance with key requirements under UK data protection law. Click here for more details.
Staff Training slides
Candidate and Client fact sheets
Click here to download GDPR guidance for clients.
Click here to download GDPR guidance for candidates.
Resources, Precedents and Contract suggested wording
- GDPR Privacy Notice Template - This document is a precedent to guide APSCo members only. All sections highlighted in yellow require customisation to fit your business circumstances. Please read the accompanying guidance below.
- Guidance on GDPR Privacy Notice Template - A privacy notice informs data subjects about how an organisation collects, uses, stores, transfers and secures personal data. This guidance will assist members with putting together their privacy notice.
- Suggested basic GDPR commercial contract wording – To be used to update contracts.
- EU Model Terms - For attachment as a schedule when entering into an agreement with a party processing data outside of the EEA.
- APSCo model contracts - Updated with GDPR changes.
- ICO International Data Transfer Agreement templates – The ICO has published several International Data Transfer Agreement and Addendum templates to replace the standard contractual clauses for international transfer.
- ICO Data Protection Impact Assessments guidance – This ICO guidance covers when a DPIA needs to be conducted, how to conduct it and whether you should consult the ICO following its result. The guidance also provides you with examples of processing likely to result in high risk.
- ICO Data Protection Impact Assessments templates – To be used to conduct your DPIA assessment.
Employee GDPR Precedents and Contracts
- GDPR Employment Contract template - This contract is intended to be used between you as the recruitment company and your own internal staff. It is a contract of employment and requires plenty of consideration when drafting. It has now been updated to reflect the GDPR.
- GDPR Privacy Policy - A privacy policy to go alongside your employment contracts.
Other contractual terms/agreements you may require
- Controller – processor terms – Your major suppliers will be amending their own terms to incorporate the controller-processor terms required under the GDPR.
- Data Sharing Guidance - This guidance covers some of the relevant issues to consider before entering into any data sharing arrangement, to help ensure your arrangement is compliant with the data protection legislation in the UK. The GDPR sets out more prescriptive requirements of what should be in a data processing agreement between data controllers and data processors.
Cyber Security