The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas. Wikipedia
- Legal Text
- Privacy by Design - Guides for developers (art. 15)
- Data Protection Impact Assessments (DPIA, art. 25)
- Incident management (art. 33 and 34)
- Security (art. 32)
- Data Protection Authorities
- Organizations / Projects
- Solutions providers
- GDPR (2016/679) - Official version of GDPR.
- GDPR-info - GDPR linked to relevant articles and section in the preamble (Non-official site).
- GDPR-expert - Compare the Regulation, Directive and National legislation. Linked to relevant section in preamble (Non-official site).
- GDPRhub -> GDPR Articles - GDPR articles included commentary.
- EDPB: Guidelines & Opinions
- ICO: Guide to GDPR
- Handbook on European data protection law - Handbook issued by EU.
- EDPS: Factsheets - Factsheets from EU Data Protection Supervisor.
Privacy by Design - Guides for developers (art. 15)
- CNIL - GDPR Developer Guide
- Norwegian DPA - Software development with Data Protection by Design and by Default
Data Protection Impact Assessments (DPIA, art. 25)
- Open-source DPIA software from the French DPA
- Guidelines on Data Protection Impact Assessment (WP29)
- ISO-standard: Guidelines for privacy impact assessment
- DPIA template from ICO
Incident management (art. 33 and 34)
- ENISA: Recommendations for a methodology of the assessment of severity of personal data breaches
- Google, SRE: Managing Incidents
- Troy Hunt: Data breach disclosure 101
- GDPR Enforcement Tracker - Overview of fines and penalties.
Security (art. 32)
- OWASP Top 10 - Top 10 Web Application Security Risks.
- OWASP Cheat Sheet Series - Concise collection of high value information on specific application security topics.
- ARX - Data Anonymization Tool - Open source software for anonymizing sensitive personal data.
- Website Evidence Collector (WEC) - EDPS Inspection Software.
- Data protection around the world - Map of the level of data protection in each country.
Data Protection Authorities
- European Data Protection Board - EDPB.
- European Data Protection Supervisor - EDPS.
- European Union Agency for Network and Information Security (ENISA) - ENISA.
- List of Data Protection Authorities
Organizations and Projects
- Electronic Frontier Foundation - Nonprofit defending digital privacy, free speech, and innovation.
- International Association of Privacy Professionals - A resource for privacy professionals.
- Privacy International - Charity that challenges the governments and companies that want to know everything about individuals, groups, and whole societies.
- NOYB - Organisation that brings important issues to the attention of DPAs, enforces the law in civil court or directly engages with companies.
- GDPR.eu - Resource for organisations and individuals researching the GDPR (Not official website).
- CyLab Usable Privacy and Security Laboratory - Research related to understand and improving the usability of privacy and security.
- EPIC - Electronic Privacy Information Center.
- Future of Privacy Forum - Catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies.
- W3C Privacy Interest Group - Leading the web to its full potential.
- GDPR Today - Privacy news from the Open Rights Group.
- Spread Privacy - DuckDuckGo Blog.
- Freedom To Tinker - Blog from Princeton's CITP, a research center that studies digital technologies in public life.
- pdpEcho - All about personal data protection and privacy, by Gabriela Zanfir-Fortuna.
- GDPRhub - Free and open wiki that allows anyone to find and share GDPR insights across Europe.