- Data Protection Basics
- Data Sharing in the Public Sector
- Guidance on Requesting Personal Data from Prospective Tenants
- Data Subject Access Requests - FAQ
- Guidance on the Principles of Data Protection
- Guidance relating to third parties accidentally in receipt of personal data relating to other individuals
- Data Protection Considerations Relating to Receivership
- What should you be aware of online? Some common online risks
- Securing Cloud-based Environments
- Guidance for Organisations Engaging Cloud Service Providers
- Guidance on Connected Toys and Devices
- Guidance for Controllers on Data Security
- Guidance for Drivers on the use of "Dash Cams"
- Data Protection and Community Based CCTV Schemes
- Video Recording
- Guidance on Cookies and Similar Technologies
- Guidance on the Use of CCTV - For Data Controllers
- Guidance on the Use of CCTV - For Individuals
- Guidance for Organisations on Phishing and Social Engineering Attacks
- General Portable Storage Device Recommendations
- Guidance on Body Worn Cameras or Action Cameras
- Guidance on cookies and other tracking technologies
- Employer Vehicle Tracking
- Data Protection and Brexit – Frequently Asked Questions
- Quick Guide to GDPR Breach Notifications
- A Practical Guide to Personal Data Breach Notifications under the GDPR
- Data Breach Trends from the First Year of the GDPR
- Guide to Data Protection Impact Assessments (DPIAs)
- Transfers of Personal Data from Ireland to the UK in the Event of a 'No-Deal' Brexit
- Transfers of Personal Data to Third Countries or International Organisations
- Limiting Data Subject Rights and the Application of Article 23 of the GDPR
- Anonymisation and pseudonymisation
- Guidance on qualifications for DPOs (GDPR)
- Data Processing Operations that require a Data Protection Impact Assessment
- Guidance for Controllers on Data Security
- GDPR Guidance for SMEs
- Data Security Guidance for Microenterprises
- A Practical Guide to Controller-Processor Contracts
- Guidance on Legal Bases for Processing Personal Data
- Right to be Forgotten and Search Engines [version for public consultation]
- Data Protection by Design and by Default [version for public consultation]
- Processing of Personal Data through Video Devices
- Recommendation on the Draft List of the European Data Protection Supervisor Regarding Processing Operations Requiring a Data Protection Impact Assessment
- Processing Personal Data under the Legal Basis of Contractual Necessity in the Context of the Provision of Online Services
- Codes of Conduct and Monitoring Bodies
- Accreditation of Certification Bodies
- Territorial scope of the GDPR
- Derogations for Specific Situations Regarding International Transfers of Personal Data
- Certification and Identifying Certification Criteria
- Article 29 Working Party GDPR Guidelines, endorsed by EDPB
- Consent under the GDPR
- Transparency under the GDPR
- Automated Individual Decision-making and Profiling
- Personal Data Breach Notification under the GDPR
- The Right to Data Portability under the GDPR
- Data Protection Impact Assessment (DPIA) and Determining if Processing is "Likely to Result in a High Risk"
- Data Protection Officers (DPOs)
- Identifying a Lead Supervisory Authority (LSA) under the GDPR
- Derogations from the Obligation to Maintain Record of Processing Activities (ROPA)
- Co-operation Procedure for the Approval of Binding Corporate Rules
- Approval of Controller Binding Corporate Rules Form
- Approval of Processor Binding Corporate Rules Form
- Working Document on Binding Corporate Rules for Controllers
- Working Document on Binding Corporate Rules for Processors
- Working Document on Adequacy
- Guidelines on the Application and Setting of Administrative Fines