I realise, this braindump will never be finished, so come back once in a while to check for updates. Work in progress…
But let’s turn around the thing a bit, you certainly must have smart ideas or articles on GDPR for starters that belong on this list! Let me know and I’ll add it to the list.
Of course, with the proper credits!
DISCLAIMER: These resources are provided / authored by different people, companies, vendors, each of them copyrighted by the original owner.
The resources below are just a collection or interesting documentation, need to have, without any preference or commercial interest for any party.
Table of contents
First of all, before you start with GDPR you must have read the GDPR text.
It’s not as bad (you mean: legalese) as you might suspect.
- official publication on Office Journal of the EU : http://eur-lex.europa.eu/legal-content/NL/TXT/?uri=OJ%3AL%3A2016%3A119%3ATOC
- http://bit.do/GDPR_EN (88p, EN only)
You might want to have it a bit more condensed to start.
Do not get confused: European Council vs Council of the European Union vs Council of Europe
More info at:
Once you get through the legal texts… you’ll quickly understand that the GDPR text itself at least lacks 1 important thing: A table of contents (TOC).
This TOC by Intersoft Consulting might help: bookmark https://gdpr-info.eu/
It provides a nice overview of the GDPR Recitals (= reasons the articles of the GDPR have been adopted).
There are 173 recitals, the and the TOC provides a quick topic overview at https://gdpr-info.eu/recitals/.
Also the site provides an overview of the GDPR structure
- 11 Chapters
- Sections per chapter
- 99 Articles (spread over sections / chapters
GDPR Adequacy decisions
The European Data Protection Board (EDPB) will replace the Article 29 Working Party under the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).
Newsroom overview: http://ec.europa.eu/newsroom/article29/news.cfm
The Article 29 Working Party Issues Final Guidelines on Data Protection Officers (“DPO”) is available here.
- Bird & Bird article, explaining
- Accountability means that DPO assessments need to be kept up-to-date and can be requested at anytime
- No “a la carte” DPO appointments
- Big data now an example of ‘regular and systematic monitoring’
- Preferably, the DPO should be located within this EU
- There can only be one DPO, but supported by a team
- Duty to ensure the confidentiality of communications between the DPO and employees
- Senior managers including Head of HR, Marketing or IT individuals are barred from serving as the DPO
- The GDPR does not prevent the DPO from maintaining records of processing
- For a redline comparison with the earlier draft, click here.
PIA: ISO 29134
Mandatory ISO27001 documents: ISMS mandatory documentation checklist
As published on LinkedIn: The Nightmare Letter: A Subject Access Request under GDPR (By: Constantine Karbaliotis)
CNIL guides for PIA: https://www.cnil.fr/en/PIA-privacy-impact-assessment-en
Have a look what Jonas Holdensen has published, a marvelous sheet to provide a visualization on GDPR.
Also he has provided a nice overview on the DPO requirements & tasks under GDPR.
If you prefer the file in pdf or word, then download the file here: www.kortlink.dk/rhpx
|WW||IAPP||CIPT, CIPP/E, CIPM,||https://iapp.org/train/gdprready/|
|WW||PECB||PECB Certified Data protection Officer||https://pecb.com/en/education-and-certification-for-individuals/gdpr|
|BE||DP Institute||Data Protection Officer Certificatie Training||https://www.dp-institute.eu/nl/opleidingen/|
|WW||Cranium||GDPR & Privacy|
And some more