WADIFF Consulting

The GDPR Principles
How to track down your Personal Data (Data Mapping)

EU Law and Publications

The GDPR text (88 pages)

Countries that meet the EU adequacy requirements for protecting personal data
Binding Corporate Rules

UK Law

Data Protection Act 2018 (354 pages)
Data Protection Act 2018 – Explanatory Notes (126 pages)
UK GDPR (online version from Fieldfisher)

Information Commissioner's Office

Brexit – Data protection if there’s no Brexit deal
Brexit Podcast: Time to act – are you #dataready?

Guide to the GDPR | PDF version of Guide to the GDPR (239 pages)

Preparing for the GDPR – 12 Steps to take now (11 pages)
Getting ready for the GDPR self-assessment toolkit
Blogs on GDPR Myths
The ICO’s Retention Schedule (8 pages)

Legitimate Interest | PDF version of Legitimate Interest (46 pages)
Consent | PDF Version of Consent (43 pages)

Accountability and governance
Automated decision-making and profiling
Children’s personal data
Codes of conduct
Data portability
Data protection by design and default
Data Protection Impact Assessments (DPIAs) (41 pages)
International Transfers
Personal Data Breach reporting | Personal Data Breaches – when to report them to the ICO | Take the Quiz – should you report these data breaches?
Right to be informed (58 pages)
The employment practices code – includes monitoring at work (96 pages)

European Data Protection Supervisor/Article 29 Working Party

Application and setting of administrative fines (17 pages)
Automated individual decision-making and Profiling (37 pages)
Certification Bodies (22 pages)
Consent (31 pages)
Data breach notifications (33 pages)
Data Protection by Design and by Default (27 pages)
Data Protection Impact Assessment (DPIA) and High-Risk processing (22 pages)
Data Protection Officers Guidelines (25 pages)
Lead Supervisory Authority Guidelines (12 pages)
Right to Data Portability Guidelines (20 pages)
Transparency (40 pages)
Derogations in the context of international data transfers (17 pages)
Processing of personal data under ‘performance of a contract’ in the context of the provision of online services to data subjects (16 pages)
Opinion on data processing at work (24 pages)
Territorial scope of the GDPR (28 pages)

Opinion on Privacy by Design – Preliminary (29 pages)
Certification – Draft (19 pages)
Guidelines on the concepts of controller and processor in the GDPR – open for feedback until October 19th 2020 (48 pages)
Guidelines on the targeting of social media users – open for feedback until October 19th 2020 (37 pages)

Examples of completed Data Protection Impact Assessments

UK Metropolitan Police – Live Facial Recognition trial. IMPORTANT NOTE: The criteria used by the police for evaluating risks, and the legal requirements they operate under, are different from those of a business
Derbyshire County Council – Case Management System
Holland – Microsoft Windows 10
Transport for London – WiFi data

Other useful links

Mapping ISO27001 to GDPR (19 pages)
Compare Data Protection Laws around the world
Data Protection Network – Legitimate Interest guidance (need to register to download the PDF)
Handbook on European data protection law – 2018 edition (402 pages)
IAPP – 2019 Privacy Tech Vendor Report
GDPR Fines Tracker (enforcementtracker.com)
GDPR Fines Tracker (EDPB)
Cookies – Database of Pre-Categorized Cookies