├── GDPR.png
├── CONTRIBUTING.md
├── LICENSE
└── README.md


/GDPR.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/oppoverbakke/awesome-gdpr/HEAD/GDPR.png


--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # Contribution Guidelines
2 | Add an issue or make a pull reqest according to these guidelines:
3 | - Search the list for existing resources to ensure it´s not a duplicate.
4 | - Put each resource/tool under the correct category.
5 | - Use the following format: `[Name](link) - Description.`
6 | - New categories or improvements to the existing categorisation are welcome.
7 | - Check your spelling and grammar.
8 | - You can also add related links and repositories in the end.
9 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | CC0 1.0 Universal
 2 | 
 3 | Statement of Purpose
 4 | 
 5 | The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an "owner") of an original work of authorship and/or a database (each, a "Work").
 6 | 
 7 | Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works ("Commons") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes. These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others.
 8 | 
 9 | For these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights.
10 | 
11 | 1. Copyright and Related Rights. A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights"). Copyright and Related Rights include, but are not limited to, the following:
12 | 
13 |     the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work;
14 |     moral rights retained by the original author(s) and/or performer(s);
15 |     publicity and privacy rights pertaining to a person's image or likeness depicted in a Work;
16 |     rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below;
17 |     rights protecting the extraction, dissemination, use and reuse of data in a Work;
18 |     database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and
19 |     other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof.
20 | 
21 | 2. Waiver. To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose.
22 | 
23 | 3. Public License Fallback. Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose.
24 | 
25 | 4. Limitations and Disclaimers.
26 | 
27 |     No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document.
28 |     Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law.
29 |     Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work.
30 |     Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work.
31 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Awesome GDPR [![Awesome](https://awesome.re/badge-flat.svg)](https://awesome.re)
  2 | 
  3 | [<img src="GDPR.png" align="right" width="300">](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679)
  4 | 
  5 | The General Data Protection Regulation (GDPR) is a regulation on data protection and privacy for all individuals within the European Union and the European Economic Area. The regulation has increased the focus on privacy in companies and strengthened the data subjects influence.
  6 | 
  7 | ## Contents
  8 | * [Legal text](#legal-text)
  9 | * [Guidelines](#Guidelines)
 10 | * [Rights of the data subject (art. 12 - 23)](#rights-of-the-data-subject-art-12---23)
 11 | * [Privacy by Design - Guides for developers (art. 25)](#privacy-by-design---guides-for-developers-art-25)
 12 | * [Records of Processing (art. 30)](#records-of-processing-art-30)
 13 | * [Security (art. 32)](#security-art-32)
 14 | * [Incident management (art. 33 and 34)](#incident-management-art-33-and-34)
 15 | * [Data Protection Impact Assessments (DPIA, art. 35)](#data-protection-impact-assessments-dpia-art-35)
 16 | * [Tools](#tools)
 17 | * [Data Protection Authorities](#data-protection-authorities-art-51--59)
 18 | * [Organisations / Projects](#organisations--projects)
 19 | * [Publications](#Publications)
 20 | * [Solutions providers](#Solutions-providers)
 21 | * [Related](#Related)
 22 | 
 23 | ## Legal text
 24 | * [GDPR (2016/679)](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN) - Official version of GDPR.
 25 | * [GDPR-info](https://gdpr-info.eu/) - GDPR linked to relevant articles and section in the preamble (Non-official site).
 26 | * [GDPR-expert](https://www.gdpr-expert.com/home.html?mid=5) - Compare the Regulation, Directive and National legislation. Linked to relevant section in preamble (Non-official site).
 27 | * [GDPRhub -> GDPR Articles](https://gdprhub.eu/index.php?title=Category:GDPR_Articles) - GDPR articles included commentary.
 28 |   
 29 | ## Guidelines
 30 | * [Guidelines](https://edpb.europa.eu/our-work-tools/general-guidance/gdpr-guidelines-recommendations-best-practices_en) & [Opinions](https://edpb.europa.eu/our-work-tools/consistency-findings/opinions_en) from the European Data Protection Board (EDPB).
 31 | * [ICO: Guide to GDPR](https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/)
 32 | * [Handbook on European data protection law ](https://publications.europa.eu/en/publication-detail/-/publication/5b0cfa83-63f3-11e8-ab9c-01aa75ed71a1) - Handbook issued by EU.
 33 | * [Factsheets](https://edps.europa.eu/data-protection/our-work/our-work-by-type/factsheets_en) - Factsheets from EU Data Protection Supervisor.
 34 |   
 35 | ## Rights of the data subject (art. 12 - 23)
 36 | * [Open source privacy notice template (Juro)](https://github.com/juro-privacy/free-privacy-notice)
 37 | 
 38 | ## Privacy by Design - Guides for developers (art. 25)
 39 | * [CNIL - GDPR Developer Guide](https://github.com/LINCnil/GDPR-Developer-Guide)
 40 | * [Norwegian DPA - Software development with Data Protection by Design and by Default](https://www.datatilsynet.no/en/about-privacy/virksomhetenes-plikter/data-protection-by-design-and-by-default/)
 41 | * [Data Pseudonymisation: Advanced Techniques and Use Cases](https://www.enisa.europa.eu/publications/data-pseudonymisation-advanced-techniques-and-use-cases/) - Report on pseudonymisation techniques from ENISA.
 42 | * [Anonymisation, pseudonymisation and privacy enhancing technologies guidance - ICO](https://ico.org.uk/about-the-ico/ico-and-stakeholder-consultations/ico-call-for-views-anonymisation-pseudonymisation-and-privacy-enhancing-technologies-guidance/)
 43 | 
 44 | ## Records of Processing (art. 30)
 45 | * [Iubenda - Register of data processing activities](https://www.iubenda.com/en/internal-privacy-management)
 46 | 
 47 | ## Security (art. 32)
 48 | * [OWASP Top 10](https://owasp.org/www-project-top-ten/) - Top 10 Web Application Security Risks.
 49 | * [OWASP Cheat Sheet Series](https://cheatsheetseries.owasp.org/) - Concise collection of high value information on specific application security topics.
 50 | * [Anonymisation, pseudonymisation and privacy enhancing technologies guidance](https://ico.org.uk/about-the-ico/ico-and-stakeholder-consultations/ico-call-for-views-anonymisation-pseudonymisation-and-privacy-enhancing-technologies-guidance/)
 51 | 
 52 | ## Incident management (art. 33 and 34)
 53 | * [ENISA: Recommendations for a methodology of the assessment of severity of personal data breaches](https://www.enisa.europa.eu/publications/dbn-severity)
 54 | * [Google, SRE: Managing Incidents](https://landing.google.com/sre/sre-book/chapters/managing-incidents/)
 55 | * [Troy Hunt: Data breach disclosure 101](https://www.troyhunt.com/data-breach-disclosure-101-how-to-succeed-after-youve-failed/)
 56 | * [Awesome Incident Response](https://github.com/meirwah/awesome-incident-response)
 57 | * [GDPR Enforcement Tracker](http://www.enforcementtracker.com/) - Overview of fines and penalties.
 58 | 
 59 | ## Data Protection Impact Assessments (DPIA, art. 35)
 60 | * [Open-source DPIA software from the French DPA](https://www.cnil.fr/en/open-source-pia-software-helps-carry-out-data-protection-impact-assesment)
 61 | * [Guidelines on Data Protection Impact Assessment (WP29)](https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=611236)
 62 | * [ISO-standard: Guidelines for privacy impact assessment](https://www.iso.org/standard/86012.html)
 63 | * [DPIA template from ICO](https://iapp.org/resources/article/sample-dpia-template/)
 64 | * [Public DPIA Teams OneDrive SharePoint and Azure AD](https://www.rijksoverheid.nl/documenten/publicaties/2022/02/21/public-dpia-teams-onedrive-sharepoint-and-azure-ad) -  DPIA of Microsoft Teams in combination with OneDrive, SharePoint Online and the Azure Active Directory.
 65 | 
 66 | ## Tools
 67 | * [Website Evidence Collector (WEC)](https://github.com/EU-EDPS/website-evidence-collector) - EDPS Inspection Software.
 68 | * [Data protection around the world](https://www.cnil.fr/en/data-protection-around-the-world) - (CNIL) Map of the level of data protection in each country. 
 69 | * [Data Protection Laws of the world](https://www.dlapiperdataprotection.com/) - (DLA Piper) Compare data protection laws around the world.
 70 |  
 71 | ## Data Protection Authorities (art. 51 -59)
 72 | * [European Data Protection Board](https://edpb.europa.eu/) - EDPB.
 73 | * [European Data Protection Supervisor](https://edps.europa.eu/) - EDPS.
 74 | * [European Union Agency for Network and Information Security (ENISA)](https://www.enisa.europa.eu/topics/data-protection) - ENISA.
 75 | * [List of Data Protection Authorities](https://pdpecho.com/the-list/)
 76 |   
 77 | ## Organisations / Projects
 78 | * [Electronic Frontier Foundation](https://www.eff.org/) - Nonprofit defending digital privacy, free speech, and innovation.
 79 | * [International Association of Privacy Professionals](https://iapp.org/) - A resource for privacy professionals.
 80 | * [Privacy International](https://www.privacyinternational.org) - Charity that challenges the governments and companies that want to know everything about individuals, groups, and whole societies.
 81 | * [NOYB](https://noyb.eu/) - Organisation that brings important issues to the attention of DPAs, enforces the law in civil court or directly engages with companies.
 82 | * [GDPR.eu](https://gdpr.eu/) - Resource for organisations and individuals researching the GDPR (Not official website).
 83 | * [CyLab Usable Privacy and Security Laboratory](https://cups.cs.cmu.edu/) - Research related to understand and improving the usability of privacy and security.
 84 | * [EPIC](https://epic.org/) - Electronic Privacy Information Center.
 85 | * [Future of Privacy Forum](https://fpf.org/) - Catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies.
 86 | * [W3C Privacy Interest Group](https://www.w3.org/Privacy/) - Leading the web to its full potential.
 87 | * [CISPE Code of Conduct](https://www.codeofconduct.cloud/) - Pan-European sector-specific code for cloud infrastructure service providers under Article 40.
 88 | 
 89 | ## Publications
 90 | * [GDPR Today](https://www.gdprtoday.org/) - Privacy news from the Open Rights Group.
 91 | * [Spread Privacy](https://spreadprivacy.com/) - DuckDuckGo Blog.
 92 | * [Freedom To Tinker](https://freedom-to-tinker.com/) - Blog from Princeton's CITP, a research center that studies digital technologies in public life.
 93 | * [pdpEcho](https://pdpecho.com/) - All about personal data protection and privacy, by Gabriela Zanfir-Fortuna.
 94 | * [GDPRhub](https://gdprhub.eu/) - Free and open wiki that allows anyone to find and share GDPR insights across Europe.
 95 |     
 96 | ## Related
 97 | * [Privacy Respecting](https://github.com/nikitavoloboev/privacy-respecting)
 98 | * [Awesome: Security](https://github.com/sindresorhus/awesome#security)
 99 | * [Awesome: Humane Tech](https://github.com/humanetech-community/awesome-humane-tech#readme)
100 | * [Awesome: Privacy](https://github.com/pluja/awesome-privacy#readme) - List of free, open source and privacy respecting services and alternatives to privative services.
101 | * [Developers Guide to HIPAA Compliance](https://github.com/truevault/hipaa-compliance-developers-guide)
102 | * [Analytics without cookies](https://www.gocookieless.com/)
103 | * [European web analytics services](https://european-alternatives.eu/category/web-analytics-services)
104 | * [EU Alternatives](https://dasprive.be/eu-alternatives/)
105 | 
106 | ## License
107 | [![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](https://creativecommons.org/publicdomain/zero/1.0/)
108 | 
109 | To the extent possible under law, Harald O. Bakke has waived all copyright and related or neighboring rights to this work.
110 | 


--------------------------------------------------------------------------------