GDPR Toolkit

On May 25, 2018, the European Union will implement the General Data Protection Regulation (“GDPR”) to enhance data protection rights for all individuals and unify regulation within the EU. This regulation will bring fundamental changes to the way businesses process personal data of EU citizens. 

Alongside our range of GDPR advisory services and solutions, Duff & Phelps has developed a comprehensive and cost-effective GDPR Toolkit that will enable your firm to:

  • Undertake your own GDPR impact assessment to identify and practically address gaps to meet obligations.
  • Understand your data and where it resides in your firm, and document data flows so you can manage your data and react quickly, through a defined process, to a data subject’s requests.
  • Provide transparency and assurance to all your stakeholders that your GDPR framework and data security are robust, including your firm’s data subjects, internal functions, auditors, investors and relevant national supervisory authorities.
  • Generate commercial advantage by using the Toolkit to obtain external certification of your data processing arrangements (such as ISO) to demonstrate good governance and compliance.


Features of the GDPR Toolkit

Our Toolkit contains the important elements required under the regulation, as well as practical guidance on how to apply the Toolkit to your business.

Good Governance

  • Comprehensive governance framework that provides assurance to senior management and the board
  • Policies and procedures to assist the role of the DPO
  • End-to-end data handling procedures, including the ability to clearly document the operational and IT processes for data flows

Sound Technical Infrastructure

  • Impact assessment on your business activities and IT applications
  • Toolkits to manage technical aspects
  • IT technical controls workbook to indicate gaps in your cyber security policies and systems

Robust Operational Processes and Controls

  • Handbook on how to protect your organisation’s data that is easy to use and considers all operational aspects
  • Tools to help you readily identify and comply with relevant evidential and disclosure requirements
  • Logs across a range of areas to monitor, report and resolve matters effectively

Clear Communications

  • Training modules to assist you to achieve the desired outcomes of awareness and understanding within the firm
  • Privacy notices and other communication forms that are ready to use


A small selection of the wide range of specific materials within the Toolkit includes:

  • Incident management and breach logs
  • Complaints log
  • Privacy impact assessment tool
  • Security controls assessment matrix
  • Data Protection report template
  • Controller-processor mapping workbook
  • IT data mapping process template
  • Data subject access request procedure
  • Data subject request forms
  • Monitoring procedures


How Duff & Phelps can help 

While firms can use the Toolkit on their own, Duff & Phelps can also provide a range of comprehensive advisory support and solutions to assist firms at all stages of their GDPR lifecycle.

We provide a comprehensive range of General Data Protection Regulation (GDPR) consulting services to assist firms throughout all stages of GDPR, from framework assessments and design and implementation support to a practical Toolkit and templates.

Benefit from our comprehensive GDPR expertise

Our dedicated GDPR Center of Excellence - consisting of GDPR, compliance, data protection and cybersecurity specialists - brings a deep understanding of regulatory expectations, best practice and practical application of the requirements. This is backed by our Compliance and Consulting Practice’s award-winning experience in governance, compliance and cybersecurity across the financial services industry. 

Our broad range of GDPR services includes:

  • GDPR framework and tools customized to your business
    • Gap analysis of your firm’s GDPR arrangements against requirements
    • Design and development of a GDPR framework fit-for-purpose for your business
    • Policies and procedures across a range of GDPR areas
    • Templates and compliance checklists, such as data security, notices, consents and contractual documentation
    • Training modules with practical guidance
  • Practical advice and support throughout your GDPR journey
    • On-call and practical GDPR advice and assistance pre- and post-implementation
    • Interim certified DPO role secondments and project management support to assist with implementing, delivering and monitoring your GDPR arrangements
    • Security and regulatory breach assistance during/post the event, including cybersecurity attacks, investigations and regulatory enforcement cases
  • Assessments to analyse gaps, resolve issues and demonstrate compliance
    • GDPR Data Privacy Readiness assessment that analyses your firm’s current data privacy policies and procedures to identify gaps, security risks and remedial measures
    • Data Privacy impact assessment across projects and systems infrastructure
    • Independent assurance assessments and testing of your GDPR arrangements

