GDPR resources

Getting ready for the GDPR

Here’s a list of useful GRPR resources curated by our Chief Privacy Officer, James Koons. We’ll be updating this
page as and when new sources become available, so do check back regularly.

 

National Regulator Guidance
Issuing body Content
Agencia Española de Protección de Datos (Spanish Data Protection Agency) General Data Protection Regulation Guidelines for Data Controllers
Agencia Española de Protección de Datos (Spanish Data Protection Agency) Guidelines for Agreements between Data Controllers and Data Processors
Agencia Española de Protección de Datos (Spanish Data Protection Agency) Guidelines for Complying with the Information Requirements
Irish Data Protection Commissioner The GDPR and You - Preparing for 2018
UK Department of Culture Media and Sports Call for views on the General Data Protection Regulation derogations
UK Privacy Commissioner Feedback request – profiling and automated decision-making
UK Privacy Commissioner Preparing for the General Data Protection Regulation (GDPR) – 12 Steps to Take Now
UK Privacy Commissioner Consultation: GDPR consent guidance
UK Privacy Commissioner Privacy notices, transparency and control - A code of practice on communicating privacy information to individuals
Hungarian Data Protection and Freedom of Information Agency (NAIH) Preparing for the Application of the Data Protection Regulation in 12 Steps – Guidance for Controllers and Processors
Hungarian Data Protection and Freedom of Information Agency (NAIH) (Felkészülés az Adatvédelmi Rendelet alkalmazására 12 lépésben- Iránymutatás adatkezelők, adatfeldolgozók részére)
Commission Nationale de l'Informatique et des Libertés (CNIL) PIA Manual 1 - Methodology (how to carry out a PIA)
Commission Nationale de l'Informatique et des Libertés (CNIL) PIA Manual 2 - Tools (templates and knowledge bases)
Commission Nationale de l'Informatique et des Libertés (CNIL) PIA Manual 3 - Good Practices
Agencia Española de Protección de Datos (Spanish Data Protection Agency) Implicaciones prácticas del Reglamento General de Protección de Datos para entidades en el periodo de transición (“Practical Implications for companies of the General Data Protection Regulation in the transition period”)
Austrian Data Protection Authority Guidance on data protection filings made before 25 Mai 2018
UK Privacy Commissioner Guidance: What to expect and when
Agencia Española de Protección de Datos (Spanish Data Protection  Agency) El Reglamento de protección de datos en 12 preguntas (The General Data Protection Regulation in 12 questions)
German Federal Data Protection Authority Informationsbroschüre mit endgültigem Text zur künftigen Europäischen Datenschutz-Grundverordnung  (available in German only)
Commission Nationale de l'Informatique et des Libertés (CNIL) Les enjeux pour 2016 (1) : assurer la mise en œuvre du règlement européen
Commission Nationale de l'Informatique et des Libertés (CNIL) Plan Stratégique
Guidance & Press Releases From EU Institutions
Issuing body Content
Article 29 Working Party Guidelines on the right to data portability
Article 29 Working Party Annex – Frequently Asked Questions
Article 29 Working Party Adoption of 2017 GDPR Action Plan
Article 29 Working Party Guidelines on Data Protection Officers (‘DPOs’)
Article 29 Working Party Annex - Frequently Asked Questions
Article 29 Working Party Guidelines for identifying a controller or processor’s lead supervisory authority
Article 29 Working Party Annex - Frequently Asked Questions
European Data Protection Supervisor (EDPS) Annual Report 2015
European Council The General Data Protection Regulation
dotmailer-Created Content
Content
GDPR blog 12 things to think about (Part 1)
GDPR blog 13 things to think about (Part 2)
GDPR blog 14 things to think about (Part 3)
GDPR blog 15 things to think about (Part 4)
GDPR blog What is this GDPR?