- Legal text
- Data Protection Impact Assessments (DPIA)
- Security (art. 32)
- Privacy by Design – Guides for developers (art. 15)
- Incident management
- Organisations / Projects
- Solutions providers
- GDPR (2016/679) – Official version of GDPR.
- GDPR-info – GDPR linked to relevant articles and sections in the preamble (Non-official site).
- GDPR-expert – Compare the Regulation, Directive and National legislation. Linked to relevant section in preamble (Non-official site).
- Searchable GDPR
- GDPRhub -> GDPR Articles – GDPR articles including commentary.
- EDPB: Guidelines & Opinions
- ICO: Guide to GDPR
- Handbook on European data protection law – Handbook issued by EU.
- EDPS: Factsheets – Factsheets from EU Data Protection Supervisor.
- The Ethical Design Handbook
- GDPR Today – Privacy news from the Open Rights Group.
- Spread Privacy – DuckDuckGo Blog.
- Freedom To Tinker – Blog from Princeton’s CITP, a research center that studies digital technologies in public life.
- pdpEcho – All about personal data protection and privacy, by Gabriela Zanfir-Fortuna.
- GDPRhub – Free and open wiki that allows anyone to find and share GDPR insights across Europe.
Data Protection Impact Assessments (DPIA)
- Open-source DPIA software from the French DPA
- Guidelines on Data Protection Impact Assessment (WP29)
- ISO-standard: Guidelines for privacy impact assessment
- DPIA template from ICO
- Website Evidence Collector (WEC) – EDPS Inspection Software.
- Data protection around the world – Map of the level of data protection in each country.
Privacy by Design – Guides for developers (art. 15)
- CNIL – GDPR Developer Guide
- Norwegian DPA – Software development with Data Protection by Design and by Default
Security (art. 32)
- OWASP Top 10 – Top 10 Web Application Security Risks.
- OWASP Cheat Sheet Series – Concise collection of high value information on specific application security topics.
- ARX – Data Anonymization Tool – Open source software for anonymizing sensitive personal data.
- ENISA: Recommendations for a methodology of the assessment of severity of personal data breaches
- Google, SRE: Managing Incidents
- Troy Hunt: Data breach disclosure 101
- Awesome Incident Response
- GDPR Enforcement Tracker – Overview of fines and penalties.
Data Protection Authorities
- European Data Protection Board – EDPB.
- European Data Protection Supervisor – EDPS.
- European Union Agency for Network and Information Security (ENISA) – ENISA.
- List of Data Protection Authorities
Organisations / Projects
- Electronic Frontier Foundation – Nonprofit defending digital privacy, free speech, and innovation.
- International Association of Privacy Professionals – A resource for privacy professionals.
- Privacy International – Charity that challenges the governments and companies that want to know everything about individuals, groups, and whole societies.
- NOYB – Organisation that brings important issues to the attention of DPAs, enforces the law in civil court or directly engages with companies.
- GDPR.eu – Resource for organisations and individuals researching the GDPR (Not official website).
- CyLab Usable Privacy and Security Laboratory – Research related to understanding and improving the usability of privacy and security.
- EPIC – Electronic Privacy Information Center.
- Future of Privacy Forum – Catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies.
- W3C Privacy Interest Group – Leading the web to its full potential.