The GDPR is more demanding in practice than most organisations expect when they first read it. The starter kit is the structured response: the documents that together form the foundation of a compliance programme, sized for an SME rather than a multinational.
What goes in a working GDPR starter kit
The kit includes a privacy policy, an employee privacy notice, a data processing agreement template, a basic record of processing activities (ROPA), and a breach response plan. Together, they put in place the artefacts that most ICO inquiries and most B2B due diligence questionnaires expect to see.
The kit is not a substitute for ongoing compliance work: the documents need to be implemented, and the organisation needs to do what they describe. It is, however, the right starting point. From a credible base, you can go further; without one, every step is harder.
Bundling these together saves money and ensures consistency across all your data protection documentation.
Example: a typical scope and fixed fee
For a UK SME getting its data protection foundations in place, the typical scope looks like this.
What's included
- Privacy policy
- Employee privacy notice
- Data processing agreement template
- Records of processing activities (ROPA) template
- Data breach response plan
- A consultation to understand your data processing activities
- One round of revisions to the full kit based on your feedback
- All documents ready to implement
What's outside this scope
- DPO services
- ICO registration
- Ongoing compliance monitoring
- Data protection impact assessments
- Tax advice
Fixed fee: £695, no VAT.
How I will approach your matter
Once you have instructed me, I will arrange a consultation to understand your data processing activities before drafting. All the documents are drafted together so they are consistent with each other.
To instruct me, or to talk through whether this is the right service for your matter, email geoffrey@caesar.co.uk. I aim to reply within 24 hours.