GDPR Resource Hub: Everything you need to know and where to find it

Tim Roe | Compliance and Deliverability Director

Our Compliance and Deliverability Director, Tim Roe, the Chair of the DMA GDPR task force, has put together this list of useful links from industry bodies, plus a lot of information he has written himself. Don’t forget he offers GDPR consultancy – so get in contact for more information.

The following articles are digestible blogs and guides written by a myriad of experts, however scroll to the end of this list for the documents our Compliance Director can’t live without, they may be less digestible, but they are crucial! 

We will be updating this list over time, so do check back!

Tim's blogs on Econsultancy

Moving On From GDPR: Being Transparent And Using It To Your Advantage

Data Protection Impact Assessments & the GDPR: The Lowdown

Cutting out the crap – the truth about the GDPR consent

Focus on GDPR, but ignore e-Privacy at your peril

RedEye’s own GDPR content


Blog: GDPR, time to move on

Video: GDPR - Where do I start?

Video: What can your customers expect from you after GDPR?

Video: Is a Data Protection Officer essential for GDPR?

Video: GDPR - Tell me more about consent and legitimate interest

Video: Actionable GDPR advice from the experts: RedEye & Smart Insights​ Webinar

Blog: What is GDPR and why is it important?

Infographic: Getting prepared for GDPR – A 12-step guide

Blog: CDP & GDPR – A match made in Scrabble heaven

Blog: Marketing consent and the GDPR – No really means no!

Blog: Last Things First, Do I Need Consent, Or Can I Use Legitimate Interest?

Blog: Data Protection Impact Assessments & the GDPR: The Lowdown

White paper: What You Need to Know About GDPR and Marketing

White paper: GDPR Checklist: The Key Actions to Take

Great resources from the DMA


GDPR for marketers: The essentials

GDPR for marketers: Accountability

The DMA’s own hub of resources to help you get prepared

GDPR checklist for getting prepared

Privacy notices - Why are they important to the GDPR?

A data audit - The first step in GDPR compliance

Resources from the Information Commissioner’s Office


The ICO’s overview of the GDPR

Preparing for the General Data Protection Regulation – 12 steps to take now

Privacy notices, transparency and control – A code of practice on communicating privacy information to individuals

Documents he can’t live without…seriously he carries these around in his bag day-to-day


Article 29 data protection working party - Opinion 06/2014 on the notion of legitimate interests of the data controller

Guidelines on Consent under Regulation 2016/679

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (1)

Article 29 data protection working party - Opinion 01/2017 on the Proposed Regulation for the ePrivacy Regulation

Centre for Information Policy Leadership - Risk, High Risk, Risk Assessments and Data Protection Impact Assessments under the GDPR

Article 29 data protection working party - Opinion 4/2007 on the concept of personal data

Information and Privacy Commissioner of Ontario – Privacy by Design

The Institute of Internal Auditors – Assessing the Adequacy of Risk Management

Centre for Information Policy Leadership - Examples of Legitimate Interest Grounds for Processing of Personal Data

Article 29 data protection working party - Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679

European Data Protection Supervisor - Opinion on the Proposal for a Regulation on Privacy and Electronic Communications (ePrivacy Regulation)

Regulation of the European Parliament and of the Council - Concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications)

Information Commissioner’s Office – ICO GDPR Guidance: Contracts and liabilities between controllers and processors


RedEyeUK @RedEye UK