WADIFF Consulting

The GDPR Principles
How to track down your Personal Data (Data Mapping)

EU Law and Publications

The GDPR text (88 pages)

Countries that meet the EU adequacy requirements for protecting personal data
Binding Corporate Rules

UK Law

Data Protection Act 2018 (354 pages)
Data Protection Act 2018 – Explanatory Notes (126 pages)

Information Commissioner's Office

Brexit – Data protection if there’s no Brexit deal
Brexit Podcast: Time to act – are you #dataready?

Guide to the GDPR | PDF version of Guide to the GDPR (239 pages)

Preparing for the GDPR – 12 Steps to take now (11 pages)
Getting ready for the GDPR self-assessment toolkit
Blogs on GDPR Myths
The ICO’s Retention Schedule (8 pages)

Legitimate Interest | PDF version of Legitimate Interest (46 pages)
Consent | PDF Version of Consent (43 pages)

Accountability and governance
Automated decision-making and profiling
Children’s personal data
Codes of conduct
Data portability
Data protection by design and default
Data Protection Impact Assessments (DPIAs) (41 pages)
International Transfers
Personal Data Breach reporting | Personal Data Breaches – when to report them to the ICO | Take the Quiz – should you report these data breaches?
Right to be informed (58 pages)

European Data Protection Supervisor/Article 29 Working Party

Application and setting of administrative fines (17 pages)
Automated individual decision-making and Profiling (37 pages)
Certification Bodies (22 pages)
Consent (31 pages)
Data breach notifications (33 pages)
Data Protection Impact Assessment (DPIA) and High-Risk processing (22 pages)
Data Protection Officers Guidelines (25 pages)
Lead Supervisory Authority Guidelines (12 pages)
Right to Data Portability Guidelines (20 pages)
Transparency (40 pages)
Derogations in the context of international data transfers (17 pages)

Opinion on Privacy by Design – Preliminary (29 pages)
Certification – Draft (19 pages)

Other useful links

Mapping ISO27001 to GDPR (19 pages)
Data Protection Network – Legitimate Interest guidance (need to register to download the PDF)
Handbook on European data protection law – 2018 edition (402 pages)
IAPP – Privacy Tech Vendor Report
GDPR Fines Tracker

Example of a completed Data Protection Impact Assessment. This was done by the Metropolitan Police for a Live Facial Recognition trial. IMPORTANT NOTE: The criteria they use for evaluating risks and the legal requirements they operate under are different from those of a business.