Awesome GDPR

The General Data Protection Regulation (GDPR) is a regulation on data protection and privacy for all individuals within the European Union and the European Economic Area. The regulation has increased the focus on privacy in companies and strengthened the data subjects influence.

Contents

• Legal text
• Guidelines
• Rights of the data subject (art. 12 - 23)
• Privacy by Design - Guides for developers (art. 25)
• Records of Processing (art. 30)
• Security (art. 32)
• Incident management (art. 33 and 34)
• Data Protection Impact Assessments (DPIA, art. 35)
• Tools
• Data Protection Authorities
• Organisations / Projects
• Publications
• Solutions providers
• Related

Legal text

• GDPR (2016/679) - Official version of GDPR.
• GDPR-info - GDPR linked to relevant articles and section in the preamble (Non-official site).
• GDPR-expert - Compare the Regulation, Directive and National legislation. Linked to relevant section in preamble (Non-official site).
• GDPRhub -> GDPR Articles - GDPR articles included commentary.

Guidelines

• Guidelines & Opinions from the European Data Protection Board (EDPB).
• ICO: Guide to GDPR
• Handbook on European data protection law - Handbook issued by EU.
• Factsheets - Factsheets from EU Data Protection Supervisor.

Rights of the data subject (art. 12 - 23)

• Open source privacy notice template (Juro)

Privacy by Design - Guides for developers (art. 25)

• CNIL - GDPR Developer Guide
• Norwegian DPA - Software development with Data Protection by Design and by Default
• Data Pseudonymisation: Advanced Techniques and Use Cases - Report on pseudonymisation techniques from ENISA.
• Anonymisation, pseudonymisation and privacy enhancing technologies guidance - ICO

Records of Processing (art. 30)

• Iubenda - Register of data processing activities

Security (art. 32)

• OWASP Top 10 - Top 10 Web Application Security Risks.
• OWASP Cheat Sheet Series - Concise collection of high value information on specific application security topics.
• Anonymisation, pseudonymisation and privacy enhancing technologies guidance

Incident management (art. 33 and 34)

• ENISA: Recommendations for a methodology of the assessment of severity of personal data breaches
• Google, SRE: Managing Incidents
• Troy Hunt: Data breach disclosure 101
• Awesome Incident Response
• GDPR Enforcement Tracker - Overview of fines and penalties.

Data Protection Impact Assessments (DPIA, art. 35)

• Open-source DPIA software from the French DPA
• Guidelines on Data Protection Impact Assessment (WP29)
• ISO-standard: Guidelines for privacy impact assessment
• DPIA template from ICO
• Public DPIA Teams OneDrive SharePoint and Azure AD - DPIA of Microsoft Teams in combination with OneDrive, SharePoint Online and the Azure Active Directory.

Tools

• Website Evidence Collector (WEC) - EDPS Inspection Software.
• Data protection around the world - (CNIL) Map of the level of data protection in each country.
• Data Protection Laws of the world - (DLA Piper) Compare data protection laws around the world.

Data Protection Authorities (art. 51 -59)

• European Data Protection Board - EDPB.
• European Data Protection Supervisor - EDPS.
• European Union Agency for Network and Information Security (ENISA) - ENISA.
• List of Data Protection Authorities

Organisations / Projects

• Electronic Frontier Foundation - Nonprofit defending digital privacy, free speech, and innovation.
• International Association of Privacy Professionals - A resource for privacy professionals.
• Privacy International - Charity that challenges the governments and companies that want to know everything about individuals, groups, and whole societies.
• NOYB - Organisation that brings important issues to the attention of DPAs, enforces the law in civil court or directly engages with companies.
• GDPR.eu - Resource for organisations and individuals researching the GDPR (Not official website).
• CyLab Usable Privacy and Security Laboratory - Research related to understand and improving the usability of privacy and security.
• EPIC - Electronic Privacy Information Center.
• Future of Privacy Forum - Catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies.
• W3C Privacy Interest Group - Leading the web to its full potential.
• CISPE Code of Conduct - Pan-European sector-specific code for cloud infrastructure service providers under Article 40.

Publications

• GDPR Today - Privacy news from the Open Rights Group.
• Spread Privacy - DuckDuckGo Blog.
• Freedom To Tinker - Blog from Princeton's CITP, a research center that studies digital technologies in public life.
• pdpEcho - All about personal data protection and privacy, by Gabriela Zanfir-Fortuna.
• GDPRhub - Free and open wiki that allows anyone to find and share GDPR insights across Europe.

Related

• Privacy Respecting
• Awesome: Security
• Awesome: Humane Tech
• Awesome: Privacy - List of free, open source and privacy respecting services and alternatives to privative services.
• Developers Guide to HIPAA Compliance
• Analytics without cookies
• European web analytics services
• EU Alternatives

License

To the extent possible under law, Harald O. Bakke has waived all copyright and related or neighboring rights to this work.