General Data Protection Regulation (GDPR): Regulatory Compliance

Welcome To The World of GDPR in Cybersecurity:

A collection of awesome framework, libraries, learning tutorials, videos, webcasts, technical resources and cool stuff about General Data Protection Regulation (GDPR). Thanks to all contributors, you're awesome and wouldn't be possible without you! Our goal is to build a categorized community-driven collection of very well-known resources.

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation that harmonizes national data privacy laws throughout the EU and enhances the protection of all EU residents with respect to their personal data.

• This harmonization creates new rights for individuals and a set of stronger and clearer rules for businesses.
• The GDPR applies to all companies handling the personal data of EU residents, including companies established outside the EU if they offer goods or services to EU residents or monitor their behaviour.
• The GDPR entered into force on May 25, 2018.

Table of Contents

• Legal text
• Guidelines
• Privacy by Design - Guides for developers (art. 25)
• Security (art. 32)
• Incident management (art. 33 and 34)
• Data Protection Impact Assessments (DPIA, art. 35)
• Tools
• Data Protection Authorities
• Organisations / Projects
• Publications
• Solutions providers
• Related

^ back to top ^

Legal text

• GDPR (2016/679) - Official version of GDPR.
• GDPR-info - GDPR linked to relevant articles and section in the preamble (Non-official site).
• GDPR-expert - Compare the Regulation, Directive and National legislation. Linked to relevant section in preamble (Non-official site).
• GDPRhub -> GDPR Articles - GDPR articles included commentary.

Guidelines

• EDPB: Guidelines & Opinions
• ICO: Guide to GDPR
• Handbook on European data protection law - Handbook issued by EU.
• EDPS: Factsheets - Factsheets from EU Data Protection Supervisor.

Privacy by Design - Guides for developers (art. 25)

• CNIL - GDPR Developer Guide
• Norwegian DPA - Software development with Data Protection by Design and by Default
• Data Pseudonymisation: Advanced Techniques and Use Cases - Report on pseudonymisation techniques from ENISA.

Security (art. 32)

• OWASP Top 10 - Top 10 Web Application Security Risks.
• OWASP Cheat Sheet Series - Concise collection of high value information on specific application security topics.

Incident management (art. 33 and 34)

• ENISA: Recommendations for a methodology of the assessment of severity of personal data breaches
• Google, SRE: Managing Incidents
• Troy Hunt: Data breach disclosure 101
• Awesome Incident Response
• GDPR Enforcement Tracker - Overview of fines and penalties.

Data Protection Impact Assessments (DPIA, art. 35)

• Open-source DPIA software from the French DPA
• Guidelines on Data Protection Impact Assessment (WP29)
• ISO-standard: Guidelines for privacy impact assessment
• DPIA template from ICO

Tools

• Website Evidence Collector (WEC) - EDPS Inspection Software.
• Data protection around the world - (CNIL) Map of the level of data protection in each country.
• Data Protection Laws of the world - (DLA Piper) Compare data protection laws around the world.

Data Protection Authorities

• European Data Protection Board - EDPB.
• European Data Protection Supervisor - EDPS.
• European Union Agency for Network and Information Security (ENISA) - ENISA.
• List of Data Protection Authorities

^ back to top ^

Organisations / Projects

• Electronic Frontier Foundation - Nonprofit defending digital privacy, free speech, and innovation.
• International Association of Privacy Professionals - A resource for privacy professionals.
• Privacy International - Charity that challenges the governments and companies that want to know everything about individuals, groups, and whole societies.
• NOYB - Organisation that brings important issues to the attention of DPAs, enforces the law in civil court or directly engages with companies.
• GDPR.eu - Resource for organisations and individuals researching the GDPR (Not official website).
• CyLab Usable Privacy and Security Laboratory - Research related to understand and improving the usability of privacy and security.
• EPIC - Electronic Privacy Information Center.
• Future of Privacy Forum - Catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies.
• W3C Privacy Interest Group - Leading the web to its full potential.

^ back to top ^

Publications

• GDPR Today - Privacy news from the Open Rights Group.
• Spread Privacy - DuckDuckGo Blog.
• Freedom To Tinker - Blog from Princeton's CITP, a research center that studies digital technologies in public life.
• pdpEcho - All about personal data protection and privacy, by Gabriela Zanfir-Fortuna.
• GDPRhub - Free and open wiki that allows anyone to find and share GDPR insights across Europe.

^ back to top ^

Related

• Privacy Respecting
• Cybersecurity
• Cybersecurity Architecture
• Awesome: Privacy - List of free, open source and privacy respecting services and alternatives to privative services.
• Developers Guide to HIPAA Compliance

^ back to top ^

^ back to top ^

License

MIT License & cc license

This work is licensed under a Creative Commons Attribution 4.0 International License.

To the extent possible under law, Paul Veillard has waived all copyright and related or neighboring rights to this work.