Awesome GDPR – Massive Collection of Resources

Contents

• Legal text
• Guidelines
• Blogs
• Data Protection Impact Assessments (DPIA)
• Tools
• Security (art. 32)
• Privacy by Design – Guides for developers (art. 15)
• Incident management
• Organisations / Projects
• Solutions providers

Legal text

• GDPR (2016/679) – Official version of GDPR.
• GDPR-info – GDPR linked to relevant articles and section in the preamble (Non-official site).
• GDPR-expert – Compare the Regulation, Directive and National legislation. Linked to relevant section in preamble (Non-official site).
• Searchable GDPR
• GDPRhub -> GDPR Articles – GDPR articles included commentary.

Guidelines

• EDPB: Guidelines & Opinions
• ICO: Guide to GDPR
• Handbook on European data protection law – Handbook issued by EU.
• EDPS: Factsheets – Factsheets from EU Data Protection Supervisor.
• The Ethical Design Handbook

Blogs

• GDPR Today – Privacy news from the Open Rights Group.
• Spread Privacy – DuckDuckGo Blog.
• Freedom To Tinker – Blog from Princeton’s CITP, a research center that studies digital technologies in public life.
• pdpEcho – All about personal data protection and privacy, by Gabriela Zanfir-Fortuna.
• GDPRhub – Free and open wiki that allows anyone to find and share GDPR insights across Europe.

Data Protection Impact Assessments (DPIA)

• Open-source DPIA software from the French DPA
• Guidelines on Data Protection Impact Assessment (WP29)
• ISO-standard: Guidelines for privacy impact assessment
• DPIA template from ICO

Tools

• Website Evidence Collector (WEC) – EDPS Inspection Software.
• Data protection around the world – Map of the level of data protection in each country.

Privacy by Design – Guides for developers (art. 15)

• CNIL – GDPR Developer Guide
• Norwegian DPA – Software development with Data Protection by Design and by Default

Security (art. 32)

• OWASP Top 10 – Top 10 Web Application Security Risks.
• OWASP Cheat Sheet Series – Concise collection of high value information on specific application security topics.
• ARX – Data Anonymization Tool – Open source software for anonymizing sensitive personal data.

Incident management

• ENISA: Recommendations for a methodology of the assessment of severity of personal data breaches
• Google, SRE: Managing Incidents
• Troy Hunt: Data breach disclosure 101
• Awesome Incident Response
• GDPR Enforcement Tracker – Overview of fines and penalties.

Data Protection Authorities

• European Data Protection Board – EDPB.
• European Data Protection Supervisor – EDPS.
• European Union Agency for Network and Information Security (ENISA) – ENISA.
• List of Data Protection Authorities

Organisations / Projects

• Electronic Frontier Foundation – Nonprofit defending digital privacy, free speech, and innovation.
• International Association of Privacy Professionals – A resource for privacy professionals.
• Privacy International – Charity that challenges the governments and companies that want to know everything about individuals, groups, and whole societies.
• NOYB – Organisation that brings important issues to the attention of DPAs, enforces the law in civil court or directly engages with companies.
• GDPR.eu – Resource for organisations and individuals researching the GDPR (Not official website).
• CyLab Usable Privacy and Security Laboratory – Research related to understand and improving the usability of privacy and security.
• EPIC – Electronic Privacy Information Center.
• Future of Privacy Forum – Catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies.
• W3C Privacy Interest Group – Leading the web to its full potential.

Solutions providers

• OneTrust
• TrustArc
• Privitar
• BigID
• Wirewheel
• Collibra