On this page we have compiled a collection of practical GDPR templates and tools for you. The official documents, sample forms and easy‑to‑understand practical guides linked here provide a quickly usable basis for your data protection documentation (records of processing activities, data processing agreements, DPIAs, employee notices, etc.) if you want to offer products and services in Germany or the EU.

Key legal basis

• Full text of the GDPR (including territorial scope; relevant for non‑EU companies):
  REGULATION (EU) 2016/679 (GDPR) — EUR‑Lex (DE, PDF)
  Why: The GDPR is the legal foundation. Article 3 governs when the GDPR also applies to non‑EU companies (e.g. offering goods/services in the EU).

Official briefs and templates (DSK & supervisory authorities)

• DSK — Brief: “Record of Processing Activities” (explanations & requirements):
  DSK: Record of Processing Activities (dsk_kpnr_1.pdf)
  Explains which information a record must contain under Article 30 GDPR and serves as authoritative guidance for supervisory authorities.
• DSK — Sample record for controllers (DOCX / PDF):
  DSK: Sample Record of Processing Activities for Controllers (201802_ah_muster_verantwortliche.pdf)
  A ready‑to‑use template — ideal as a starting point for your company’s processing record.
• DSK — Guidance / templates for informing and obliging employees:
  DSK: Informing and Obligating Employees (dsk_kpnr_19.pdf)
  Templates and guidance on how employees should be informed about their duties and bound to confidentiality — important for proving TOMs and for employee training.
• DSK — DPIA “must‑list” (when a DPIA is required):
  DSK: DPIA Must‑List (Version 1.1)
  Contains typical processing scenarios (examples) and decision aids for when a DPIA (Article 35 GDPR) must be carried out.

Authority and practical guides

• BfDI — Practical information & sample guidance (Federal Commissioner for Data Protection and Freedom of Information):
  BfDI — Guidance & samples for the record of processing activities
  Complementary practical tips, particularly for federal matters and public bodies.
• IHK / Chamber pages (practically accessible explanations & local templates):
  IHK Hamburg — Record of Processing Activities (explanation + links)
  Short, practice‑oriented checklists for companies (helpful for SMEs and quick orientation).

Articles, how‑tos & sample templates

• Projekt29 — Background article on the publication of DSK guidance (practical commentary & direct download links):
  Projekt29: DSK publishes guidance and templates for the record
  Expert commentary explaining how to use the DSK templates and where to find the official downloads.
• Practice article with sample DPIA and examples (explanation + template):
  Köhrer: Data Protection Impact Assessment with examples and sample/template
  An easy‑to‑understand guide to creating a DPIA with a sample structure — useful for filling in and as a complement to the DSK guidance.

How to use the templates — practical tips

• Start with the DSK sample for the processing record and systematically complete entries per processing activity (purpose, categories, recipients, retention period, technical and organizational measures — TOM). (See DSK brief and sample above.)
• For new, data‑intensive processes, check the DPIA must‑list to determine whether a DPIA is required; if in doubt, conduct a DPIA or consult the supervisory authority. (See DSK must‑list.)
• Carefully review data processing agreements (DPAs): standard clauses, obligations to assist, recordkeeping and deletion. Templates are often available from state data protection authorities, Chambers of Commerce, or specialized providers (see IHK & BfDI).
• Keep documentation and evidence (training records, employee notices, TOM implementations) — this is at the core of the accountability principle (Article 5(2) GDPR).

Our offer

We act as your statutory data protection representative in Germany: we take on the appointment under Article 27 (and matters related to Article 3) GDPR (representation), prepare or review your record of processing activities, adapt DPAs, carry out DPIAs, or support you during supervisory authority audits. For every type of data protection advice — from a one‑time legal review to ongoing representation and support — we are your contact.