The months leading up to May 25, 2018 produced a steady barrage of articles urging organizations to get ready for the GDPR and warning about the consequences of failing to comply.
After May 25? . . . To be honest, not much. There are still lots of articles — “Tips For What Comes After,” “What to Watch For” — but no big stories. And therefore, it has been tempting to take a bit of a snooze.
But not so fast. Just because the headlines haven’t been filled with stories about violations and massive fines, that doesn’t mean you can sit back and do nothing if you’re operating within reach of the GDPR. The GDPR became fully enforceable on May 25, 2018, and fines for non-compliance can reach up to 20 million Euros or 4 percent of an organization’s annual global turnover for the preceding financial year, whichever is higher.
While it’s too early for these fines to have been imposed, it’s not too early to take another look at the GDPR and then strategically determine what you still need to do to ensure that your systems and processes are protecting your organization and your customers’ data.
Our advice? If you come under the GDPR — which is binding and applicable without the need for national governments to pass any enabling legislation — do your homework, shore up any deficiencies, and take whatever measures you need to become compliant or to maintain compliance.
And remember: While there are challenges to the GDPR, there are also opportunities, including the opportunity to create visibility and control over the data in your systems as well as the opportunity to build greater trust with your customers.
To help you out, we’ve put together this catalogue of 45 useful and informative resources that provide guidance on an extensive array of GDPR-related issues and topics.
Note: There’s no implied ranking, preference, or endorsement in the lists that follow. All the resources provide great information on different aspects of the GDPR.
How Threat Stack Can Help You With the GDPR
There’s a lot to the new regulation, and it’s easy to get stuck in the details. To help, Threat Stack offers an array of resources and tools:
- If you’re looking for insights into how the GDPR impacts your organization and what you can do, take a look at our website, watch our webinar on GDPR readiness, or download our GDPR Compliance Checklist.
- If you’re interested in simplifying GDPR compliance monitoring, discover how the Threat Stack Cloud Security Platform® can help.
- To obtain an insight into how you can strengthen infrastructure and evolve operational workflows to manage risk and compliance, including the GDPR, please review the Threat Stack® Cloud SecOps Maturity Framework, and feel free to complete the SecOps Maturity Assessment.
45 GDPR Resources
While Threat Stack aims to provide helpful information, other organizations have also created valuable resources covering the ins and outs of the GDPR. In the following sections, we’ve compiled a list of 45 informative resources that cover various aspects of the GDPR and how it affects companies in different locations and industries. Take some time to browse these to make sure you’re not leaving your customers’ data — and your organization — at risk. We’ve grouped resources in the following categories:
- PDFs and Guides
- Slide Decks
- Additional Threat Stack GDPR Resources
1. PDFs and Guides
For a quick overview of top security and compliance issues, including the GDPR, download a copy of Threat Stack’s 5 Security and Compliance Issues Your SaaS Company Should be Aware Of.
Knowit Secure’s Anna Borg summarizes the basics of the GDPR and highlights the key focus areas that companies should be prioritizing, followed by a valuable illustration of the “road to compliance,” including a detailed discussion of each phase along the path to GDPR compliance.
- The why, what, where, and when of GDPR
- Areas you should be focusing on right now
- The main challenges of GDPR compliance
IAPP specializes in training professionals to manage risks to organizations and the data they hold. They’ve created a nice guide highlighting the basics of what organizations must do to remain compliant, and you’ll also find some other helpful resources on the GDPR here.
- What consumers can do
- What regulators can do
- What organizations must do
IT Governance provides risk management guidance to leading corporations around the world. This guide goes over each of the 11 chapters that make up the GDPR regulation.
- An overview of the regulatory landscape
- Remedies, liabilities, and penalties
- Data breach notification rules
Intersoft Consulting helps companies by assisting them with business management services. Based in Stuttgart, Germany, they have a vested interest in knowing as much as possible about the impacts of the GDPR. This comprehensive 99-page guide is searchable, so you can quickly find the details you need.
- Rights of the data subject
- Cooperation and consistency
- Provisions related to specific processing situations
This international law firm services many businesses in the technology sector, so naturally, they have an interest in understanding how GDPR violations would affect their clients. This comprehensive report covers everything from core principles to individual rights, enforcement, and more.
- Sensitive data and lawful processing
- Right to erasure and restriction of processing
- Data governance obligations
6. Preparing for Compliance with the General Data Protection Regulation (GDPR): A Technology Guide for Security Practitioners
The SANS Institute trains security professionals to handle cyber and information security threats to companies. They’ve created a guide that explains the purpose of the GDPR and its effects on those tasked with providing security.
- Sections of the GDPR applicable to information security technology
- Steps for implementing security technology for GDPR compliance by a larger multinational organization
- The chain reaction to a data breach notification
Accountancy Europe brings together 51 different organizations representing over a million accountants from all over the world. In this report, they review how the GDPR regulations apply to those in the industry.
- Role of practitioners in data protection
- Principles for processing personal data
- Data rights
Actiance is a leader in communications compliance, analytics, and archiving. In this Osterman Research White Paper, they’ve highlighted how the GDPR impacts those managing security and data protection programs.
- The regulatory imperative of the GDPR
- GDPR requirements
- Technologies required for GDPR compliance
The Canadian Trade Commission operates trade offices throughout Canada. They explore what impacts the GDPR will have on Canadian interests.
- What it means for Canadian firms
- What’s new with the GDPR
- Canada’s adequacy decision by the EU
Shopify is an e-commerce platform that helps merchants sell their products on the internet. Since their clients sell to people all over the world, they want to make sure they provide clarity around what to expect from GDPR regulations.
- Who the GDPR applies to
- Controller vs. processor status
- Legal basis for processing
KPMG helps companies with audits and taxes, and provides advisory services when needed. Their guide tells companies what to expect with the rollout of the new GDPR regulations.
- New responsibilities for data processors
- Data breach reporting
Cylance builds antivirus programs and other software that’s used by many companies with a global reach. Their document goes over the impact that the GDPR will have on data protection.
- Summary of the GDPR
- Why it matters
- Recommended actions
MapR’s AI and data analytics platform is used by many top firms across different industries. They teamed with Talend, a software vendor, to explain how to use a data hub to help with data protection and to comply with GDPR regulations.
- Why GDPR and data governance, and why now?
- Drawing the roadmap for the GDPR
- Setting up the GDPR foundations with a data hub
Some of the largest companies in the world use Amazon Web Services’ cloud platform to manage their data. Amazon understands the importance of following GDPR regulations as they interact with businesses from around the world.
- The CISPE Code of Conduct
- Data access controls
- Strong compliance framework and security standards
15. GDPR Compliance
The EU GDPR Institute helps companies understand how to comply with GDPR regulations. Their presentation provides a roadmap and highlights different tools that are available to assist them in this effort.
- Project scope and data inventory
- Accesses, consents, and requests
- Privacy Impact Assessments
This presentation from Infosecurity Europe focuses on the accountability principle outlined in the GDPR. It covers the different lifecycles and how they could be implemented by organizations.
- The GDPR Accountability Principle
- The accountability lifecycle
- Accountability lifecycle activities
Microsoft Cloud’s GDPR presentation discusses the effects of the GDPR on users of their services. They talk about what changes to expect and how to navigate them.
- Key changes to address the GDPR
- What this means for your data
- Preparing for the GDPR
This guide provides concrete steps that companies can take to prepare for GDPR regulations. It discusses what weaknesses to look for and how to address them.
- Become accountable
- Learn about legal grounds
- Communication and consent
Joomla expert and Data2.eu co-founder Sigrid Gramlinger-Moser provides insight into what to expect from the newly implemented GDPR regulations.
- Personal data, including special categories
- How you can comply
- The processing index
This presentation provides an overview of the principles of the GDPR. It also outlines the responsibility of organizations in complying with the new rules.
- 6 principles of the GDPR
- 12 steps to take now
Womble Bond Dickinson LLC is a transatlantic law firm that makes its services available around the world. This guide reviews the legal impacts of the GDPR regulations.
- What the GDPR changes
- How it applies to US companies
- Key requirements under the GDPR
2. Slide Decks
22. GDPR Conference
The Norfolk Chamber of Commerce, one of 52 Chambers accredited by the British Chambers of Commerce, delivered this conference about the GDPR. A variety of expert speakers took part, offering legal, marketing, IT, and data protection perspectives.
- GDPR and the “consent” myth
- Consent under the GDPR
- Data breach examples
23. GDPR For Dummies
IBM’s presentation is designed to inform those not familiar with the regulation or how it could potentially impact their interests.
- Requirements for companies
- Appropriate safeguards
The University of Glasgow attracts students from every corner of the world. They created this simple presentation to explain what the regulation means to those attending the college.
- Changes to privacy notices and consent
- Data protection by design
- Breach reporting and sanctions
This presentation, sponsored by IDERA Software and delivered by Senior Product Manager Kim Brushaber, provides education on different data topics to IT professionals. This presentation takes those unfamiliar with the GDPR through the most important points of the new regulation.
- Why we need the GDPR
- Who is responsible
- Other GDPR considerations
Informatica helps companies tap into the power of their data to drive intelligent disruption. The company’s Head of Solutions & Data Governance – EMEA-LA, Andrew Joss, delivers this presentation on the importance of compliance with the GDPR.
- What the GDPR is NOT
- The potential for value
- Using simple questions to understand data entry points
Microsoft put this presentation together to highlight the most important implications of the GDPR.
- Risks of non-compliance
- What transparency means
- Privacy by design and by default
E2BN gets the help of other local organizations to provide schools with access to safe broadband services. Their presentation surveys what schools need to do to prepare for the rollout of GDPR regulations.
- Preparing for compliance
- Your school’s role
- Reasons to process data
Accenture helps companies develop strategies for managing company services like technology, consulting, and operations. This presentation lets clients know what changes to expect with the implementation of the new GDPR.
- Records and conditions of processing
- Data subject rights
- Privacy, security, and breach management
Software engineer Bozhidar Bozhanov looks at the GDPR from the perspective of a developer. He highlights different concerns to look for when implementing system upgrades for compliance.
- Pros and cons of the GDPR
- GDPR functionalities
Infosec Institute organizes boot camps and training seminars to educate technology professionals on various IT and security topics. Their presentation goes over what companies can expect with the rollout of the new GDPR regulations.
- Data types regulated under the GDPR
- Steps to becoming GDPR compliant
- Consequences of non-compliance
This presentation looks at how the GDPR impacts authors and writers working on the web. It speaks about how to manage the collection of information for mailing lists and other items they sell.
- Changes to mailing lists for compliance
- Landing page wording
- 4 GDPR best practices
This video by SmartSimple Software goes over key principles of the GDPR regulations. They emphasize the impact of the regulations on firms based in Europe and those working remotely with European clients.
- Key principles and changes
- How will your organization be affected?
- Tips and steps to ensure compliance
Jodi Daniels, data privacy expert and former SVP of Enterprise Privacy Compliance at Bank of America, breaks down the important points of the GDPR in this webinar for BetterCloud. Her explanations clarify subjects for those not familiar with the policies.
- Actionable steps to achieve compliance
- Data types and minimum requirements
- Costs and consequences of non-compliance
Rackspace hosts and provides different cloud services to business clients. They, along with customer and special guest People HR, provide you with insight into how they help manage the GDPR for cloud customers.
- Security and compliance considerations
- Project timeline: protect, detect, secure
This webinar goes over what businesses large and small need to be aware of when it comes to GDPR regulations. You’ll hear details about the consequences of failing to do enough to fall in line with the new standards.
- The data security landscape
- New EU data rules
In this presentation delivered via an RSA Conference virtual session, John Elliott, easyJet’s head of payment security, takes the lead in walking viewers through what to expect from the GDPR. He explains why it’s important to do what’s needed to make sure you’re protecting data in a way that conforms to the new policies.
- What does compliance look like?
- Regulatory zones of compliance
- Core data protection principles
Marketo provides automation software that helps marketers manage different campaigns. They provide insight into how their company helps customers prepare for the new GDPR regulations.
- An overview of the GDPR
- The GDPR and the marketer
- Implications for marketing
Nuix, a technology company based in Australia, provides software designed to manipulate data based on the needs of business customers. This panel discussion reviews the importance of understanding the impacts of the GDPR.
- Impacts for business, law enforcement, and regulators
- Processes and procedures to ensure compliance
- The GDPR’s impact on innovation and the use of big data
This video helps Google Analytics users understand how to bring their accounts into compliance with GDPR standards. They focus on handling the capture of information with cookies.
- Impact of retaining user data on compliance
- How long you can retain user data
- Using cookie consent notifications
WPCrafter provides advice and tutorials to non-technical WordPress developers. He explains the opportunity available to developers to bring websites up to GDPR standards by gaining a deep understanding of the underlying principles.
- The GDPR for websites
- Disclosure forms
This video guides business owners through the process of building an implementation plan to address handling GDPR regulations. It’s designed to allow for a consistent approach to addressing weak points throughout the organization.
- The current GDPR landscape
- Designing a GDPR implementation plan: common pitfalls
- Methods for building and communicating an implementation plan
This video provides insight from two developers looking to help others find out how the new law impacts the work they do for clients. They cover general development and event-sourced architecture.
- When to process personal data
- Asking for consent
- Limiting data retention
Several top technology experts and solutions architects take the time to guide those tasked with data protection through what they need to understand. They explain what can be done to keep the rights of their users protected in ways that meet GDPR guidelines.
- Industry need for the GDPR
- Key changes to address the GDPR
- 5 core GDPR rules
Technology firm and IBM partner pr3systems provides some insight into IBM’s approach to preparing for the GDPR. They went with an end-to-end holistic method to make sure they met the stringent new standards.
- Who should care about GDPR?
- Biggest challenges
- 5 key areas to address
3. Additional Threat Stack GDPR Resources
For good measure, we’re also throwing in the following Threat Stack blog posts that provide insights into specific aspects of the GDPR:
- Group Fines Under the GDPR
- GDPR: What Compliance Says vs. What DevOps Hears
- Are You Ready for GDPR? Here’s a Checklist
- GDPR: What is the Right to Erasure?
- T-72 Hours to Report a Breach – Are You GDPR Ready?
- GDPR vs. Existing Frameworks: Overlaps, Differences, and Filling the Gaps
- 5 Things Your SaaS Company Should Know About GDPR
And finally, feel free to download these ebooks prepared by Schellman & Company for information and guidance on GDPR: