This is a list of useful resources I used in my own compliance journey or to translate GDPR-related documents.
Last updated: January 9, 2018
General Information
- The General Data Protection Regulation (official regulation)
- The Article 29 Working Party Guidelines
- The GDPR – Structured View
National Data Protection Laws
- For the national data protection laws that are applicable to you, see your relevant Data Protection Authority’s website
- IAPP Resource Center – EU Member State GDPR Implementation Laws and Drafts
Register Templates of Processing Activities
Setting Up Your Security Plan and Drafting Your Security Policy
- Useful resources for freelancers
- NIST Official Website
- ISO/IEC 27000 Family – Information Security Management Systems
- PCMag – Security Solution Comparison
Useful Information to Guide You Through Your Privacy Policy and Information You Need to Display When You Collect Personal Data
- The General Data Protection Regulation (Art. 12, 13, and 14)
- The Article 29 Working Party Guidelines on Transparency under Regulation 2016/679 (wp260 rev.01 – guidelines explaining GDPR, Art. 12, 13, and 14)
Reviewing Your Cookie Banner and Your Cookie Policy
- General Information About Cookies
- The EU Internet Handbook (general information about cookies with links to the current ePrivacy directive and cookie policy templates)
- The ePrivacy Directive
- The Proposal for the ePrivacy Regulation
- The European Commission’s Cookie Policy Templates
Reviewing Your Legal Bases to Process Personal Data
- The General Data Protection Regulation (Art. 6)
- The WP29 Guidelines on Consent
Drafting Your Data Processing Agreements
- Check regularly for any available template on your relevant Data Protection Authority’s website
- CNIL (French DPA) – General Data Protection Regulation – Guide for Processors
- DLA Piper’s Example Data Protection Addendum
Working with Partners Based in Non-EEA Countries
- The General Data Protection Regulation (official regulation) (GDPR, Art. 44 to 50)
- List of National Data Protection Authorities
- Adequacy of the Protection of Personal Data in Non-EU Countries
- The EU-US Privacy Shield
- Standard Contractual Clauses
- FAQ Related to the Standard Contractual Clauses
Violation Notification
Refer to the relevant EU Data Protection Authority.