List of Tools And Sources That Will Help Your Business Achieve GDPR Compliance

Everybody is talking about GDPR. Many organisations are spending time and money to cover all aspects of the General Data Protection Regulation. Many more offer fulfillment services.


GDPR Interest over time | Source: Google Trends

For this reason we have gathered in one place the information on the Web we have found most relevant: tools, training resources and certification information.

Most of the sources listed below are either free of charge, or they have a free option.

GDPR self-assessment tools

The UK’s Information Commissioner’s Office has published lots of useful information on its official website regarding data protection, and more specifically GDPR.

They have also provided several self-assessment tests which help organisations detect the main issues related to their data protection procedures.


GDPR questionnaires providing useful information for each question | Source: ico.org.uk

Upon successful completion you can review a detailed analysis of every answer along with recommendations.


GDPR Recommendations | Source: ico.org.uk

Unlike most of the similar questionnaires across the Web, the UK ICO ones are free of charge:

NB: There is a Data Protection fee applicable for all UK-based companies processing personal data. The fees may vary between £40 and £2,900. Every company can check whether they should pay a Data Protection fee by taking this free quiz published on the ICO’s official website.

Tools for keeping records of processing activities (as per Art. 30 from GDPR)

We reviewed LogSentinel’s GDPR tool, which helps organisations keep proper track of all processing activities, in our previous article: How to fulfill Art. 30 from GDPR (Records of processing activities)?

To summarize, this tool may help organisations comply with the GDPR by covering several areas, such as:

  • Keeping records of processing activities, in line with the authorities’ best practices
  • Ensuring limited access to the platform (only those who have been granted access will be able to review the information)
  • Easy integration between GDPR-related processes and logs (e.g. data breach-related processes)
  • Reduced risk of record deletion / data manipulation
  • Integration with data logs and other GDPR-related activities

LogSentinel GDPR compliance tool

Another option for keeping records of processing activities is to use a simple spreadsheet (Google Sheets, MS Excel, etc.). This option was also reviewed in the article mentioned above.

There is a free option for using the LogSentinel GDPR Tool. Sign up now and check how to comply with Art. 30

Keeping digital evidence of different events

The General Data Protection Regulation requires businesses to request consent from their users and customers for any marketing-related activities, such as:

  • Mass mailing
  • Phone calls
  • Advertising, etc

To be on the safe side, we recommend implementing event tracking and log management software that collects digital evidence of consent.

Such event management software is also supported by LogSentinel and can be tested for free. The log events collected by this software cannot be modified or deleted, which ensures that organisations can keep legitimate digital evidence. It also allows management of different GDPR-related activities in one place, such as keeping a list of processing records, receiving alerts of data breach events, and reviewing user actions in real time.

Courses, DPO certifications and self-education

The Internet offers thousands of options to “Get GDPR-Certified”. However, according to the DPO standards published on the official website of the European Commission, the most relevant certification at this stage would be the one provided by:

The guidelines also state that the possession of such a certification should be considered as an asset by EU institutions/bodies when selecting their DPO.

Other sources of information and courses, which are not recognised by the EC, but are best for limited budget needs, are:

Udemy training courses

Udemy offers tens of GDPR-related courses covering different aspects – from GDPR-compliance guides to Information Security and DPO trainings. Some of them are free of charge. Every course can be rated by the trainees upon its completion so users can review the feedback before they enroll.

Cisco online learning programs (free InfoSec certification programs included)

Cisco Learning Center may help individuals increase their IT skills, including the Cyber Security aspects. They offer various solutions, and all of them are free of charge.

InfoSec and Data Privacy Training Materials by The National Institute of Health

The National Institute of Health has prepared 60- and 90-minute training courses on Data Privacy and Information Security.

Even though the Institute is US-based, the training materials may be relevant for many EU-based companies, especially if their business area is healthcare-related.

Cybrary

Cybrary is a library of various cyber security materials. A simple account creation allows you to access tons of useful materials and supercharge your cyber security knowledge for free.

Daily Security Tips & Lessons

Many websites provide a daily tip option in exchange for an e-mail.

The most popular ones that provide cyber security tips are Heimdal’s Daily Security Tip (providing useful tips every day) and Cyber Security Course (delivered every 2 days).

Useful GDPR-Related Blog Articles

The following two articles provide very useful and condensed information about the highlights of the GDPR that every organisation (and its IT team) needs to know: