Useful Links

Introduction

The GDPR[gdpr) the [General Data Protection Regulation]gdpr, is enforceable from 25th May 2018, the law was passed into effect in 2016 and was then moved to a waiting phase to allow businesses and organisations to adapt. I will be discussing some of the aspects of the GDPR as I navigate helping businesses and organisations I am involved with change to reflect the new legislation.

In this article I am going to give you a huge long list of links that will help you navigate the official position on this complex piece of Legislation.

GDPR Useful Links

Get Safe Online

Get Safe Online is the UK’s leading source of unbiased, factual and easy-to-understand information on online safety. Get Safe Online is a public / private sector partnership supported by HM Government and leading organisations in banking, retail, internet security and other sectors.

• Get Safe Online
• Staff policies, Get safe online website
• Information access management, Get safe online website
• Viruses and spyware, Get safe online website
• Safe computer disposal, Get safe online website
• Physical security, Get safe online website
• Backups, Get safe online website
• Data encryption, Get Safe Online

National Cyber Security

The NCSC was set up to help protect our critical services from cyber attacks, manage major incidents, and improve the underlying security of the UK Internet through technological improvement and advice to citizens and organisations. Our vision is to help make the UK the safest place to live and do business online.

• National Cyber Centre
• Small businesses guidance, National Cyber Security Centre website
• Information risk management regime, in 10 steps to cyber security, National Cyber Security Centre
• Incident management, in 10 steps to cyber security, National Cyber Security Centre
• User education and awareness, in 10 steps to cyber security, National Cyber Security Centre
• Home and mobile working, in 10 steps to cyber security, National Cyber Security Centre
• Secure configuration, in 10 steps to cyber security, National Cyber Security Centre
• Removable media controls, in 10 steps to cyber security, National Cyber Security Centre
• User access control, in Cyber essentials, GOV.UK website
• Managing user privileges, in 10 steps to cyber security, National Cyber Security Centre
• Malware prevention, in 10 steps to cyber security, National Cyber Security Centre
• Monitoring, 10 steps to cyber security, National Cyber Security Centre
• Network security, in 10 steps to cyber security, National Cyber Security Centre
• Exporting and transferring electronic data, National Archives

National Archives

• National Archives
• Find out what information you have, National Archives
• Identify information assets, National Archives
• Information Asset Register template, National Archive
• Disposal of Records, National Archives
• Assessing managing risk, National Archives
• Organisational arrangements to support records management, in National Archives records management guide 2
• Records management policy, National Archives
• Managing digital records without an electronic record management system, National Archives
• Managing emails, National Archives
• Tracking Records, National Archives
• Exporting and transferring electronic data, National Archives

ICO

The ICO is the UK's independent body set up to uphold information rights. * ICO Website

Registration and Assessment

• Register [notify] under the Data Protection Act, ICO
• Self-assessment – do you need to register, ICO
• ICO fee and registration changes next year, ICO blog
• Registration FAQs, ICO

Personal Rights and Access

• How do I handle subject access requests, in ICO subject access requests code of practice
• Subject access requests code of practice, ICO
• Notification exemptions - a self-assessment guide to data protection, ICO
• Collecting information about your customers, in ICO small business checklist
• Privacy notices code of practice, ICO
• Data sharing checklist, ICO
• Governance, in ICO data sharing code of practice
• Guide to the GDPR - Lawful basis for processing, ICO website
• Guide to the GDPR - Consent, ICO website
• Guide to the GDPR - Applications - Children, ICO website
• Guide to the GDPR - Right to be informed, ICO website
• Guide to the GDPR - Right of access, ICO website
• Guide to the GDPR - Right to rectification, ICO website
• Guide to the GDPR - Right to restrict processing, ICO website
• Guide to the GDPR - Right to data portability, ICO website
• Guide to the GDPR - Rights related to automated decision making including profiling, ICO website

Privacy

• Think privacy toolkit, ICO website
• Think Privacy training, ICO website

Training and Employment Rights

• Training checklist for small to medium sized organisations, ICO website
• Draft GDPR contracts guidance, ICO website
• Guide to the GDPR - Contracts, ICO website
• Employment code of practice, ICO

Data Protection and Security

• Guide to the GDPR - Data protection by design and default, ICO website
• Guide to the GDPR - Data protection impact assessments, ICO website
• Guide to the GDPR - Data protection officers, ICO website
• Guide to the GDPR - Data breaches, ICO website
• Guide to the GDPR - Documentation, ICO website
• Security Guidance
• Information security, ICO Guide to data protection
• Outsourcing, ICO
• Cloud computing, ICO
• IT asset disposal, ICO
• Notification of data security breaches to the ICO, ICO
• Bring your own device (BYOD), ICO
• A practical guide to IT security, ICO
• Unnecessary services and default credentials, in Protecting personal data in online services, ICO
• Password storage, in Protecting personal data in online services, ICO
• Software security updates, in Protecting personal data in online services, ICO
• Inappropriate locations for processing personal data, in Protecting personal data in online services, ICO
• CCTV code of practice, ICO
• Privacy impact assessments code of practice, ICO

International Transfers of Data

• (Model contract clauses) International transfers of personal data, ICO
• Guide to the GDPR - International transfers, ICO website
• (Data controllers and data processors) what the difference is and what the governance implications are, ICO

Marketing

• Direct marketing checklist, ICO
• Consent, in ICO direct marketing guidance
• What counts as consent?, in Key definitions, ICO Guide to PECR
• Direct marketing checklist, ICO
• Buying a marketing list, in ICO direct marketing guidance
• Marketing calls, in ICO direct marketing guidance
• Marketing texts and emails, in ICO direct marketing guidance
• Electronic mail marketing, ICO marketing sector page
• Preventing direct marketing, in ICO Guide to data protection
• Direct marketing checklist, ICO
• Marketing mail, in ICO direct marketing guidance
• Postal marketing, ICO marketing sector page

Other

A range of other sites and resources that will help you understand this complex area

• Homepage of the GDPR
• Guidelines on Personal data breach notification under Regulation 2016/679, Article 29 Working Party
• Physical security, CPNI website
• Model contracts for the transfer of personal data to third countries, European Commission website
• Patch management, in Cyber security essentials, GOV.UK website
• The DMA Code, Direct Marketing Association website
• Helpful guidance on creating a clear desk policy, Privacy Sense
• Toolkit for managing paper records, Records Management Society

[Don't forget that you can join in this conversation by using the comments form at the bottom of the page or by tweeting at @shadowcat_mdk]