However, businesses on the Island subject to the GDPR should look firstly to guidance and advice from the European Data Protection Board (currently known as the Article 29 Working Party) and then to guidance issued by the supervisory authority in the relevant EU Member State (i.e. where goods and services are primarily offered).
The European Data Protection Board/EU Article 29 Working Party
These legal guidelines should be the first resources to consider for any compliance or interpretative considerations.
The guidelines issued to date cover:
- data portability
- data protection officers
- lead supervisory authority
- data protection impact assessments
The UK Information Commissioner
There is section of the website dedicated to the GDPR.
In particular, there is a section on 'documentation' which includes a checklist and templates for controllers and processors to use to document the processing of personal data.
The Irish Data Protection Commissioner
An introductory document has been released for organisations to help them in preparing for GDPR. “The GDPR and You” lists 12 steps which organisations should be taking to be GDPR ready by 25 May 2018.
- *NEW* SME Guide
- The UK National Cyber Security Centre has published a cyber security guide for charities and one for small businesses, although these can be informative for any size organisation
- The European Commission "Data protection - Better rules for small business"
- The New Zealand Information Commissioner has published guidance on privacy impact assessments.
- Other resources are available including guidance and advice from law firms such as Bird & Bird, Hunton & Williams, Eversheds, 11KBW, Hogan Lovells, DLAPiper microsite, the IAPP and many others.