I realise, this braindump will never be finished, so come back once in a while to check for updates. Work in progress…

But let’s turn around the thing a bit, you certainly must have smart ideas or articles on GDPR for starters that belong on this list! Let me know and I’ll add it to the list.
Of course, with the proper credits!

DISCLAIMER: These resources are provided / authored by different people, companies, vendors, each of them copyrighted by the original owner.
The resources below are just a collection or interesting documentation, need to have, without any preference or commercial interest for any party.

GDPR official text
Vocabulary
GDPR Table of contents
Working Party 29
- WP29 articles
- WP 29 Advisory
ISO Standards related to GDPR
- ISO29100 (Privacy Framework)
- ISO27001 (Information Security)I
  - Mapping GDPR to ISO27001 schema
  - Implementing GDPR with ISO27001
GDPR at a glance
Data access request
Visualisation sheet
Useful Tools
GDPR Privacy Courses (work in progress)

First of all, before you start with GDPR you must have read the GDPR text.
It’s not as bad (you mean: legalese) as you might suspect.

GDPR official text

official publication on Office Journal of the EU : http://eur-lex.europa.eu/legal-content/NL/TXT/?uri=OJ%3AL%3A2016%3A119%3ATOC
http://bit.do/GDPR_AllVersions
http://bit.do/GDPR_EN (88p, EN only)

You might want to have it a bit more condensed to start.

Vocabulary / Grammar

Do not get confused: European Council vs Council of the European Union vs Council of Europe

More info at:

– http://www.caneurope.org/publications/blogs/1295-what-is-the-european-council-or-the-council-of-the-european-union%C2%A0

– https://www.coe.int/en/web/about-us/do-not-get-confused

GDPR Table of contents

Once you get through the legal texts… you’ll quickly understand that the GDPR text itself at least lacks 1 important thing: A table of contents (TOC).

This TOC by Intersoft Consulting might help: bookmark https://gdpr-info.eu/

It provides a nice overview of the GDPR Recitals (= reasons the articles of the GDPR have been adopted).

There are 173 recitals, the and the TOC provides a quick topic overview at https://gdpr-info.eu/recitals/.

Also the site provides an overview of the GDPR structure

11 Chapters
Sections per chapter
99 Articles (spread over sections / chapters

GDPR Adequacy decisions

Working Party 29

http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:31995L0046

“The composition and purpose of Art. 29 WP was set out in Article 29 of the Data Protection Directive, and it was launched in 1996.”

https://en.wikipedia.org/wiki/Article_29_Data_Protection_Working_Party

The European Data Protection Board (EDPB) will replace the Article 29 Working Party under the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).

WP29 articles

Newsroom overview: http://ec.europa.eu/newsroom/article29/news.cfm
Guidelines: http://ec.europa.eu/newsroom/article29/news.cfm?item_type=1360

WP 29 Advisory

The Article 29 Working Party Issues Final Guidelines on Data Protection Officers (“DPO”) is available here.

More info

Bird & Bird article, explaining
1. Accountability means that DPO assessments need to be kept up-to-date and can be requested at anytime
2. No “a la carte” DPO appointments
3. Big data now an example of ‘regular and systematic monitoring’
4. Preferably, the DPO should be located within this EU
5. There can only be one DPO, but supported by a team
6. Duty to ensure the confidentiality of communications between the DPO and employees
7. Senior managers including Head of HR, Marketing or IT individuals are barred from serving as the DPO
8. The GDPR does not prevent the DPO from maintaining records of processing
For a redline comparison with the earlier draft, click here.

ISO Standards related to GDPR

ISO29100 (Privacy Framework)

PIA: ISO 29134

http://standards.iso.org/ittf/PubliclyAvailableStandards/c045123_ISO_IEC_29100_2011.zip

ISO27001 (Information Security)

Mandatory ISO27001 documents: ISMS mandatory documentation checklist

Mapping GDPR to ISO27001 schema

Implementing GDPR with ISO27001

https://pecb.com/oldwebinar/26-may-2018-from-gdpr-to-sustainable-gdp

GDPR at a glance

https://www.twobirds.com/~/media/pdfs/gdpr-pdfs/bird–bird–guide-to-the-general-data-protection-regulation.pdf (Credits for Moritz Anders).

Data access request

As published on LinkedIn: The Nightmare Letter: A Subject Access Request under GDPR (By: Constantine Karbaliotis)

You can download the docx Word version in EN (here) and in NL translated version (here).

Useful Tools

Open Source

Monarc – Risk Assessment: http://Monarc.lu

CNIL – DPIA Tool

CNIL guides for PIA: https://www.cnil.fr/en/PIA-privacy-impact-assessment-en

Visualisation sheet

Have a look what Jonas Holdensen has published, a marvelous sheet to provide a visualization on GDPR.

Also he has provided a nice overview on the DPO requirements & tasks under GDPR.

If you prefer the file in pdf or word, then download the file here: www.kortlink.dk/rhpx

GDPR Privacy Courses (work in progress)

Region	Provider	Course	URL
WW	IAPP	CIPT, CIPP/E, CIPM,	https://iapp.org/train/gdprready/
WW	PECB	PECB Certified Data protection Officer	https://pecb.com/en/education-and-certification-for-individuals/gdpr
BE	DP Institute	Data Protection Officer Certificatie Training	https://www.dp-institute.eu/nl/opleidingen/
WW	IT Governance	GDPR	https://www.itgovernance.co.uk/data-protection-dpa-and-eu-data-protection-regulation
WW	Cranium	GDPR & Privacy

And some more

Legislative background

The Privacy, Data Protection and Cybersecurity Law Review – Edition 4 Belgium

https://thelawreviews.co.uk/chapter/1151276/belgium

Identity Underground

My connector space to the internet metaverse (also my external memory, so I can easily share what I learn)

data protection

May 2018
M	T	W	T	F	S	S
« Apr
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

Table of contents