Awesome GDPR

The General Data Protection Regulation (GDPR) is a regulation on data protection and privacy for all individuals within the European Union and the European Economic Area. The regulation has increased the focus on privacy in companies and strengthened the data subjects influence.Contents

Legal text

Guidelines

Rights of the data subject (art. 12 - 23)

Privacy by Design - Guides for developers (art. 25)

Records of Processing (art. 30)

Security (art. 32)

Incident management (art. 33 and 34)

Data Protection Impact Assessments (DPIA, art. 35)

Tools

Data Protection Authorities

Organisations / Projects

Publications

Solutions providers

Legal text

GDPR (2016/679) - Official version of GDPR.

GDPR-info - GDPR linked to relevant articles and section in the preamble (Non-official site).

GDPR-expert - Compare the Regulation, Directive and National legislation. Linked to relevant section in preamble (Non-official site).

GDPRhub -> GDPR Articles - GDPR articles included commentary.

Guidelines

Guidelines & Opinions from the European Data Protection Board (EDPB).

ICO: Guide to GDPR

Handbook on European data protection law - Handbook issued by EU.

Factsheets - Factsheets from EU Data Protection Supervisor.

Rights of the data subject (art. 12 - 23)

Open source privacy notice template (Juro)

Privacy by Design - Guides for developers (art. 25)

CNIL - GDPR Developer Guide

Norwegian DPA - Software development with Data Protection by Design and by Default

Data Pseudonymisation: Advanced Techniques and Use Cases - Report on pseudonymisation techniques from ENISA.

Anonymisation, pseudonymisation and privacy enhancing technologies guidance - ICO

Records of Processing (art. 30)

Iubenda - Register of data processing activities

Security (art. 32)

OWASP Top 10 - Top 10 Web Application Security Risks.

OWASP Cheat Sheet Series - Concise collection of high value information on specific application security topics.

Anonymisation, pseudonymisation and privacy enhancing technologies guidance

Incident management (art. 33 and 34)

ENISA: Recommendations for a methodology of the assessment of severity of personal data breaches

Google, SRE: Managing Incidents

Troy Hunt: Data breach disclosure 101

Awesome Incident Response

GDPR Enforcement Tracker - Overview of fines and penalties.

Data Protection Impact Assessments (DPIA, art. 35)

Open-source DPIA software from the French DPA

Guidelines on Data Protection Impact Assessment (WP29)

Awesome GDPR

Legal text
Guidelines
Rights of the data subject (art. 12 - 23)
Privacy by Design - Guides for developers (art. 25)
Records of Processing (art. 30)
Security (art. 32)
Incident management (art. 33 and 34)
Data Protection Impact Assessments (DPIA, art. 35)
Tools
Data Protection Authorities
Organisations / Projects
Publications
Solutions providers
Related

Legal text

GDPR (2016/679) - Official version of GDPR.
GDPR-info - GDPR linked to relevant articles and section in the preamble (Non-official site).
GDPR-expert - Compare the Regulation, Directive and National legislation. Linked to relevant section in preamble (Non-official site).
GDPRhub -> GDPR Articles - GDPR articles included commentary.

Guidelines

Guidelines & Opinions from the European Data Protection Board (EDPB).
ICO: Guide to GDPR
Handbook on European data protection law - Handbook issued by EU.
Factsheets - Factsheets from EU Data Protection Supervisor.

Rights of the data subject (art. 12 - 23)

Open source privacy notice template (Juro)

Privacy by Design - Guides for developers (art. 25)

CNIL - GDPR Developer Guide
Norwegian DPA - Software development with Data Protection by Design and by Default
Data Pseudonymisation: Advanced Techniques and Use Cases - Report on pseudonymisation techniques from ENISA.
Anonymisation, pseudonymisation and privacy enhancing technologies guidance - ICO

Records of Processing (art. 30)

Iubenda - Register of data processing activities

Security (art. 32)

OWASP Top 10 - Top 10 Web Application Security Risks.
OWASP Cheat Sheet Series - Concise collection of high value information on specific application security topics.
Anonymisation, pseudonymisation and privacy enhancing technologies guidance

Incident management (art. 33 and 34)

ENISA: Recommendations for a methodology of the assessment of severity of personal data breaches
Google, SRE: Managing Incidents
Troy Hunt: Data breach disclosure 101
Awesome Incident Response
GDPR Enforcement Tracker - Overview of fines and penalties.