Governance-Risk-Compliance-Toolbox

Data Protection Guidance

Data Subject Rights

• EDPB Guidelines 01/2022 on data subject rights - Right of access Brief description: EDPB guidance on how controllers should handle access requests, scope the response, and implement the right of access in practice. Topic: Data subject rights, access requests, GDPR

Legal Basis And Online Services

• EDPB Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR Brief description: Guidance on when processing is genuinely necessary for the performance of a contract, especially in the context of online services. Topic: Legal basis, contracts, online services

International Transfers And Government Requests

• EDPB Guidelines 02/2024 on Article 48 GDPR Brief description: Guidance on GDPR Article 48, focusing on requests from third-country authorities or courts for personal data and the conditions for lawful disclosure. Topic: International transfers, government access requests, GDPR

• Transfer Impact Assessment - Practical Guide (CNIL) Brief description: A practical CNIL guide to assessing risks around international data transfers and documenting transfer impact assessments. Topic: International transfers, TIA, Schrems II

Breach Notification And Technical Guidance

• EDPB Guidelines 9/2022 on personal data breach notification under GDPR Brief description: Guidance on how to assess, document, and notify personal data breaches under the GDPR, with practical value for incident response and audit preparation. Topic: Data breaches, incident response, GDPR

• CNIL Recommendation on the use of APIs for the secure sharing of personal data (French) Brief description: CNIL technical recommendations for using APIs to share personal data securely, with a focus on security controls and data protection by design. Topic: APIs, secure data sharing, technical guidance

This site is open source. Improve this page.