GDPR Manual & Confirmation Form


This manual focuses on the rules of the General Data Protection Regulation (GDPR) and the privacy requirements that apply to customers' personal data held on file. It includes detailed guidance on the GDPR principles, the lawful bases that firms should rely on to process personal data, and a procedure that regulated firms should follow. The manual also covers customers' individual rights, data received from third parties and the privacy notice.

This bundle also includes a Confirmation Form that individuals within the firm can sign and date to confirm they have read and understood the manual. This can then be counted towards their CPD and kept as evidence of their understanding of GDPR.

Whilst this manual is aimed specifically at Mortgage, Equity Release and Insurance Brokers, it may also be of use to other sectors regulated by the Financial Conduct Authority.

FORMAT: All documents are delivered as downloads via email upon receipt of payment.



WORD DOCUMENT – 19 PAGES – Last Updated: Feb 2022


  1. The Rules
    1. Controllers and Processors
    2. GDPR Principles
    3. GDPR Data Mapping
    4. Data Protection Officer
    5. Breach/Formal Notification
  2. Lawful Basis for Processing
    1. Consent
    2. Consent – Marketing
    3. Consent – Website
    4. Consent – Record Keeping
    5. Legal Obligation
    6. Legitimate Interests
    7. Legitimate Interests Assessment – LIA
    8. Legitimate Interest – Marketing
    9. Legitimate Interest – Record Keeping
  3. Individual Rights
    1. The right to be informed
    2. The right of access (Subject Access Requests, SARs)
    3. The right to rectification
    4. The right to erasure
    5. The right to restrict processing
    6. The right to data portability
    7. The right to object
    8. Rights related to automated decision making and profiling
  4. Privacy Notice
    1. Confirmation of Consent
    2. Privacy Notice Communication
    3. Privacy Notice Accuracy/Review
  5. Data received from a third party
    1. Third Party Due Diligence
  6. Breach / Formal Notification Reporting
    1. Customer Notification
    2. Reportable Data Breach