In June of this year, I started an internship at the IAPP as the University of Maine School of Law’s inaugural Privacy Fellow. My goal was to spend the summer helping the IAPP’s Data Protection Officer, Rita Heimes, CIPP/US, CIPM, work toward IAPP compliance with the upcoming General Data Protection Regulation (effective May 2018). There was only one problem: I was completely new to the GDPR.
Resources
To get up to speed as quickly as possible, I turned to the GDPR section of the IAPP Resource Center. There, I reviewed the Top 10 Operational Impacts of the GDPR, webinars from the IAPP’s GDPR Comprehensives, and Angelique Carson’s podcast interviews with Chris Zoladzand Bojana Bellamy. I also found helpful the Bird & Bird Guide to GDPR.
When I was not “data mapping” or researching “spam” laws, I also worked on outlining the GDPR into a condensed, readable format. First, I read every line of the articles and tagged each subsection by issue. Second, I eliminated any redundant language from my outline but kept the accompanying source text with the outline for reference and accuracy. Third, I combined similar issues and tagged the headings for easy reading (e.g. related information in Articles 18, 19 or 23 is combined under “Restrictions of Processing” in the “Comprehensive Issue List”).
GDPR in 20 Minutes
The result is this tool, which we are calling “GDPR in 20 Minutes.” It is a list-formatted, re-organized and condensed version of the GDPR with the ability to view the complete articles if needed. My hope is that it will help someone who is new to learning the GDPR get up to speed as quickly and comprehensively as possible and perhaps even help more seasoned pros navigate the law more quickly. Through the opportunity to both learn about and implement the GDPR this summer, I am walking away with first-hand knowledge of privacy on the ground. If this tool can be of service to IAPP members, so much the better.