AGIDAT – Datenschutz | Informationssicherheit

Data Protection Templates

Sample documents and templates for the most important data protection paperwork.

Note: These templates are a starting point — not a substitute for legal advice. Your specific situation may require adjustments. If in doubt, get in touch with us.

📄
Website

Privacy Policy (Website)

Template for a GDPR-compliant privacy policy — adaptable for SMEs using common web services (hosting, analytics, contact forms, newsletters).

ℹ Must be adapted to your company and the specific services you use.

🗂️
Documentation

Records of Processing Activities (Template RoPA)

Structural template for the records of processing activities under Art. 30 GDPR. Includes sample entries for typical SME processing activities.

ℹ Includes 12 typical processing activities ready to adapt.

🤝
Contracts

Data Processing Agreement (DPA)

Standard contract for data processing under Art. 28 GDPR. Suitable for service providers who process personal data on your behalf.

ℹ Compliant with Art. 28(3) GDPR, including an annex for technical and organizational measures.

🔐
Security

Technical and Organizational Measures (TOMs)

Documentation template for TOMs under Art. 32 GDPR. Includes a checklist for confidentiality, integrity, availability, and resilience.

ℹ Can be used as an annex to the DPA or as a standalone document.

📧
Marketing

Consent Form (Newsletter / Email Marketing)

Template for GDPR-compliant consent to newsletter dispatch. Includes a sample double opt-in confirmation email.

ℹ Double opt-in is best practice in Germany and holds up better in court.

👤
Data Subject Rights

Response Template: Subject Access Request (Art. 15 GDPR)

Professional response template for data subject access requests. For when someone asks what data you hold about them.

ℹ Deadline: 1 month from receipt of the request (extendable to 3 months).

🚨
Emergency

Data Breach Notification (Art. 33 GDPR)

Template for notifying the supervisory authority of a personal data breach. Covers all mandatory information under Art. 33(3) GDPR.

ℹ Deadline: 72 hours from becoming aware of the incident.

🖊️
HR

Data Protection Commitment (Employees)

Written commitment for employees to data protection and confidentiality of personal data.

ℹ Should be signed upon hiring and after significant system changes.

A custom template for your company?

We create and fill in all your data protection documents for you — tailored to your specific processing activities and systems.

Start the self-check →