In force since 2018

GDPR Compliance Kit

67 ready-to-use documents. VVT, DPA, TOM, DPIA, Schrems II, Cookie Banner — full GDPR documentation. Personalised with your company name, audit-ready.

Choose your tier Read knowledge base
What's inside

Everything you need

Records of Processing (Art. 30)

Excel template with 9 mandatory fields, 14 SME pre-filled examples (e-commerce, SaaS, manufacturing, services).

Data Processing Agreements (Art. 28)

DPA template, sub-processor list, Schrems II / DPF annex, BayLDA-compliant exclusion clause for tax advisors.

Technical and Organizational Measures (Art. 32)

TOM checklist with 8 areas + 60 measures, state-of-the-art 2026 (MFA, immutable backups, Zero Trust).

Data Protection Impact Assessment (Art. 35)

DPIA template, 7-step process, BfDI black-list triggers, consultation procedure.

Data Subject Rights (Art. 12-22)

Workflow + templates for access, rectification, erasure, portability, objection, automated decision-making.

Cookie Banner (§ 25 TDDDG + Art. 6 GDPR)

Banner concept, equal-choice implementation, 12-point audit checklist, Google Consent Mode v2.

Data Breach Notification (Art. 33/34)

72-hour procedure, notification template, data subject information, breach log.

International Transfers (Chapter V)

SCC 2021/914, TIA template, DPF status check, EU alternative providers list.

Pricing

Choose your tier

One-time payment · Instant download · Buy once, always up-to-date

Purchase as a business under § 1 KSchG / § 14 BGB. By clicking "Order" you accept our Terms and Privacy Policy.

Basis

EUR 990

Compliance documentation kit

  • ✓ 67 editable templates
  • ✓ Personalised with your company name
  • Buy once, always up-to-date
  • ✓ 60-day money-back guarantee*
  • ✓ License for buyer + corporate group (§ 15 AktG)
Choose Basis
RECOMMENDED

Plus

EUR 1,290

Documentation + employee training

  • ✓ 67 editable templates
  • ✓ Personalised with your company name
  • Buy once, always up-to-date
  • ✓ 60-day money-back guarantee*
  • ✓ License for buyer + corporate group (§ 15 AktG)
  • ✓ E-learning module (employee training)
Choose Plus

Komplett

EUR 1,490

Documentation + training + trainer materials

  • ✓ 67 editable templates
  • ✓ Personalised with your company name
  • Buy once, always up-to-date
  • ✓ 60-day money-back guarantee*
  • ✓ License for buyer + corporate group (§ 15 AktG)
  • ✓ E-learning module (employee training)
  • ✓ Trainer pack (PowerPoint + trainer materials for in-house training)
Choose Komplett
Automatically personalised

All documents are pre-filled with your company name and license ID. Download link via email.

✓ Instant download

Multi-company license for corporate groups

Multiple independent sister companies without group affiliation (§ 15 AktG)? +50% surcharge extends the license to 3 additional companies.

Example: Plus 1,290 EUR × 1.50 = 1,935 EUR. Choose the multi-company license at checkout. Details in our Terms § 6.

Note: Templates are based on current case law and source-verified before delivery. Customisation to your specific company situation and final legal review are recommended. 60-day money-back guarantee* per Terms § 8.

FAQ

Frequently asked questions

What is included in the kit?

67 editable Word templates covering the full GDPR documentation cycle: records of processing (Art. 30), data processing agreements (Art. 28), TOM checklists (Art. 32), data protection impact assessment (Art. 35), data subject rights workflow (Art. 12-22), breach response, deletion concept (DIN 66398), cookie banner concept, privacy notices for website / employees / applicants. Personalised with your company name on delivery.

Can I keep the templates forever?

Yes. After purchase you receive a download link containing all personalised Word templates. The files belong to you completely — you can store, integrate, edit and archive them. No cloud dependency, no per-device license activation, no internet connection required for use.

What does "buy once, always up-to-date" mean?

You receive all updates of the kit as long as the kit is maintained in its current major version. Major version means: same regulatory basis, same scope. Updates arrive when authorities publish new guidance, new case law is published, or known follow-up phases of a regulation kick in. If a substantially new regulation supersedes the existing one, a new major version emerges — existing customers receive a 50% discount. Details in Terms § 7.

What does the 60-day money-back guarantee cover?

If a template content is provably legally incorrect (proven by a lawyer's letter or authority statement), we refund the purchase price plus demonstrable consequential costs — up to a maximum of twice the purchase price. Deadline: 60 days from delivery. Processing within 14 business days from full defect report. Details in Terms § 8.

Do I need an RoPA if I have fewer than 250 employees?

Yes, in practice almost always. The 250-employee threshold in Art. 30(5) GDPR only applies if the processing poses no risk to data subjects, is not regular AND does not concern special categories of data. HR processing, CRM and newsletters each individually meet the "regular" criterion and exclude the exemption.

Is a DPIA mandatory or recommended?

Mandatory — where a high risk is likely under Art. 35 GDPR. Supervisory authorities publish must-lists (DSK "List of mandatory DPIA cases"): systematic evaluation, large-scale Art. 9 data, tracking, AI profiling. A prior threshold assessment is practice standard.

How much is the GDPR fine for SMEs?

Up to EUR 20 million or 4% of worldwide annual turnover (higher value). Germany 2024: AOK EUR 1.24 million, H&M EUR 35.3 million, Deutsche Wohnen EUR 14.5 million. Typical SME fines: EUR 5,000-80,000 per violation. The BfDI activity report shows: 85% of supervisory enquiries start with a request for an RoPA.

Do I need a Data Protection Officer (DPO)?

Mandatory from 20 permanent employees engaged in personal data processing (§ 38 BDSG). Also: where core activities involve profiling/monitoring or special categories (Art. 9 GDPR), regardless of headcount. External DPO is permitted and often more cost-effective.