The General Data Protection Regulation (GDPR) is a regulation on data protection and privacy for all individuals within the European Union and the European Economic Area. The regulation has increased the focus on privacy in companies and strengthened the data subjects influence.
- Legal text
- Privacy by Design - Guides for developers (art. 25)
- Security (art. 32)
- Incident management (art. 33 and 34)
- Data Protection Impact Assessments (DPIA, art. 35)
- Data Protection Authorities
- Organisations / Projects
- Solutions providers
- GDPR (2016/679) - Official version of GDPR.
- GDPR-info - GDPR linked to relevant articles and section in the preamble (Non-official site).
- GDPR-expert - Compare the Regulation, Directive and National legislation. Linked to relevant section in preamble (Non-official site).
- GDPRhub -> GDPR Articles - GDPR articles included commentary.
- EDPB: Guidelines & Opinions
- ICO: Guide to GDPR
- Handbook on European data protection law - Handbook issued by EU.
- EDPS: Factsheets - Factsheets from EU Data Protection Supervisor.
Privacy by Design - Guides for developers (art. 25)
- CNIL - GDPR Developer Guide
- Norwegian DPA - Software development with Data Protection by Design and by Default
- Data Pseudonymisation: Advanced Techniques and Use Cases - Report on pseudonymisation techniques from ENISA.
Security (art. 32)
- OWASP Top 10 - Top 10 Web Application Security Risks.
- OWASP Cheat Sheet Series - Concise collection of high value information on specific application security topics.
- ARX - Data Anonymization Tool - Open source software for anonymizing sensitive personal data.
Incident management (art. 33 and 34)
- ENISA: Recommendations for a methodology of the assessment of severity of personal data breaches
- Google, SRE: Managing Incidents
- Troy Hunt: Data breach disclosure 101
- Awesome Incident Response
- GDPR Enforcement Tracker - Overview of fines and penalties.
Data Protection Impact Assessments (DPIA, art. 35)
- Open-source DPIA software from the French DPA
- Guidelines on Data Protection Impact Assessment (WP29)
- ISO-standard: Guidelines for privacy impact assessment
- DPIA template from ICO
- Website Evidence Collector (WEC) - EDPS Inspection Software.
- Data protection around the world - (CNIL) Map of the level of data protection in each country.
- Data Protection Laws of the world - (DLA Piper) Compare data protection laws around the world.
Data Protection Authorities
- European Data Protection Board - EDPB.
- European Data Protection Supervisor - EDPS.
- European Union Agency for Network and Information Security (ENISA) - ENISA.
- List of Data Protection Authorities
Organisations / Projects
- Electronic Frontier Foundation - Nonprofit defending digital privacy, free speech, and innovation.
- International Association of Privacy Professionals - A resource for privacy professionals.
- Privacy International - Charity that challenges the governments and companies that want to know everything about individuals, groups, and whole societies.
- NOYB - Organisation that brings important issues to the attention of DPAs, enforces the law in civil court or directly engages with companies.
- GDPR.eu - Resource for organisations and individuals researching the GDPR (Not official website).
- CyLab Usable Privacy and Security Laboratory - Research related to understand and improving the usability of privacy and security.
- EPIC - Electronic Privacy Information Center.
- Future of Privacy Forum - Catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies.
- W3C Privacy Interest Group - Leading the web to its full potential.
- GDPR Today - Privacy news from the Open Rights Group.
- Spread Privacy - DuckDuckGo Blog.
- Freedom To Tinker - Blog from Princeton's CITP, a research center that studies digital technologies in public life.
- pdpEcho - All about personal data protection and privacy, by Gabriela Zanfir-Fortuna.
- GDPRhub - Free and open wiki that allows anyone to find and share GDPR insights across Europe.
- Privacy Respecting
- Awesome: Security
- Awesome: Humane Tech
- Awesome: Privacy
- Developers Guide to HIPAA Compliance
To the extent possible under law, Harald O. Bakke has waived all copyright and related or neighboring rights to this work.