GDPR guidelines: The top 3 websites

Practical and trustworthy GDPR guidance is a scarce online resource. This article will point out the 3 most relevant websites if you are looking for hands-on GDPR guidance.

“Is this methodology compliant with the General Data Protection Regulation?”

Even though this is one of the most common GDPR questions, it is also one that many businesses struggle to answer. Online articles usually cannot be applied to your business methodologies as they are either (a) too general, (b) too specific or (c) not trustworthy enough.

Therefore, we decided to take a different approach and provide you with an overview of sources to consult for practical guidance.

1) ICO guide on GDPR

If you are looking for a translation of GDPR obligations into actionable insights, the ICO guide on GDPR is the source to choose.

It is ideal for beginners thanks to its plain language, a few checklists and various examples. If you are a privacy professional or data protection officer, you can also use the guide to turn legalese into language that employees actually understand.

About the ICO: The UK’s Information Commissioner’s Office (ICO) is an independent public authority set up to promote information rights and data privacy for individuals.

2) ICO checklists for data controllers & data processors

To self-assess your GDPR compliance, you should take a look at the ICO checklists for data processors and data controllers.

There is no quicker and easier way to cover the most important GDPR obligations, especially if you are not very familiar with the regulations. Those in charge of demonstrating GDPR compliance can also use the checklists to identify open tasks and monitor compliance progress.

3) EDPB/WP29 guidelines

The most comprehensive source to consult on any GDPR matter. If you are dealing with data privacy on a weekly or even daily basis, there is no way around these guidelines.

About the EDPB: The European Data Protection Board (EDPB) is an independent European body which contributes to the consistent application of data protection rules throughout the European Union.

And if I still cannot find the right answer?

Take a look at the privacy notice/privacy policy of your direct competitors.

In many cases, you can reverse engineer from these notices the GDPR obligations your business needs to tackle as well. Please be aware of the risk involved, as this quick and dirty approach is based on the assumption that your competitors are fully aware of their GDPR obligations. However, you can still use it as an additional source of input and a rough estimate of what might still be missing.


© 2018 by placense