GDPR Resource Hub: Everything you need to know and where to find it

    Tim Roe | Compliance and Deliverability Director

    Our Compliance and Deliverability Director, Tim Roe, the Chair of the DMA GDPR task force, has put together this list of useful links from industry bodies, plus a lot of information he has written himself. Don’t forget he offers GDPR consultancy – so get in contact for more information.

    The following articles are digestible blogs and guides written by a myriad of experts, however scroll to the end of this list for the documents our Compliance Director can’t live without, they may be less digestible, but they are crucial! 

    We will be updating this list over time, so do check back!

    Tim's blogs on Econsultancy

    Moving On From GDPR: Being Transparent And Using It To Your Advantage

    Data Protection Impact Assessments & the GDPR: The Lowdown

    Cutting out the crap – the truth about the GDPR consent

    Focus on GDPR, but ignore e-Privacy at your peril

    RedEye’s own GDPR content


    Blog: GDPR, time to move on

    Video: GDPR - Where do I start?

    Video: What can your customers expect from you after GDPR?

    Video: Is a Data Protection Officer essential for GDPR?

    Video: GDPR - Tell me more about consent and legitimate interest

    Video: Actionable GDPR advice from the experts: RedEye & Smart Insights​ Webinar

    Blog: What is GDPR and why is it important?

    Infographic: Getting prepared for GDPR – A 12-step guide

    Blog: CDP & GDPR – A match made in Scrabble heaven

    Blog: Marketing consent and the GDPR – No really means no!

    Blog: Last Things First, Do I Need Consent, Or Can I Use Legitimate Interest?

    Blog: Data Protection Impact Assessments & the GDPR: The Lowdown

    White paper: What You Need to Know About GDPR and Marketing

    White paper: GDPR Checklist: The Key Actions to Take

    Great resources from the DMA


    GDPR for marketers: The essentials

    GDPR for marketers: Accountability

    The DMA’s own hub of resources to help you get prepared

    GDPR checklist for getting prepared

    Privacy notices - Why are they important to the GDPR?

    A data audit - The first step in GDPR compliance

    Resources from the Information Commissioner’s Office


    The ICO’s overview of the GDPR

    Preparing for the General Data Protection Regulation – 12 steps to take now

    Privacy notices, transparency and control – A code of practice on communicating privacy information to individuals

    Documents he can’t live without…seriously he carries these around in his bag day-to-day


    Article 29 data protection working party - Opinion 06/2014 on the notion of legitimate interests of the data controller

    Guidelines on Consent under Regulation 2016/679

    Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (1)

    Article 29 data protection working party - Opinion 01/2017 on the Proposed Regulation for the ePrivacy Regulation

    Centre for Information Policy Leadership - Risk, High Risk, Risk Assessments and Data Protection Impact Assessments under the GDPR

    Article 29 data protection working party - Opinion 4/2007 on the concept of personal data

    Information and Privacy Commissioner of Ontario – Privacy by Design

    The Institute of Internal Auditors – Assessing the Adequacy of Risk Management

    Centre for Information Policy Leadership - Examples of Legitimate Interest Grounds for Processing of Personal Data

    Article 29 data protection working party - Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679

    European Data Protection Supervisor - Opinion on the Proposal for a Regulation on Privacy and Electronic Communications (ePrivacy Regulation)

    Regulation of the European Parliament and of the Council - Concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications)

    Information Commissioner’s Office – ICO GDPR Guidance: Contracts and liabilities between controllers and processors