Practical and trustworthy GDPR guidance is a scarce online resource. This article will point out the 3 most relevant websites if you are looking for hands-on GDPR guidance.
“Is this methodology compliant with the General Data Protection Regulation?”
Even though this is one of the most common GDPR questions, it is also one that many businesses struggle to answer. Online articles usually cannot be applied to your business methodologies as they are either (a) too general, (b) too specific or (c) not trustworthy enough.
Therefore, we decided to take a different approach and provide you an overview of sources to consult on practical guidance.
1) ICO guide on GDPR
It is ideal for beginners due to the plain language, a few checklists and various examples. If you are a privacy professional or data protection officer, you can also use the guide to turn legalese into a language which employees actually understand.
About the ICO: The UK’s Information Commissioner’s Office (ICO) is an independent public authority set up to promote information rights and data privacy for individuals.
2) ICO checklists for data controllers & data processors
There is no quicker and easier way to cover the most important GDPR obligations, especially if you are not very familiar with the regulations. Those in charge of demonstrating GDPR compliance, can also use the checklists to identify open tasks and monitor the compliance progress.
3) EDPB/WP29 guidelines
The most comprehensive source to consult on any GDPR matter. If you are dealing with data privacy on a weekly or even daily basis, there is no way around these guidelines.
And if I still cannot find the right answer?
In many cases, you can reverse engineer the GDPR obligations your business needs to tackle as well. Please be aware of the risk involved, as this quick and dirty approach is based on the assumption that your competitors are fully aware of their GDPR obligations. However, you can still use it as an additional source of input and rough estimate of what might still be missing.