TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

DPO Confessional | The GDPR in 20 Minutes Related reading: The IAPP DPO: Countdown to May 2018



In June of this year, I started an internship at the IAPP as the University of Maine School of Law’s inaugural Privacy Fellow. My goal was to spend the summer helping the IAPP’s Data Protection Officer, Rita Heimes, CIPP/US, CIPM, work toward IAPP compliance with the upcoming General Data Protection Regulation (effective May 2018). There was only one problem: I was completely new to the GDPR.


To get up to speed as quickly as possible, I turned to the GDPR section of the IAPP Resource Center. There, I reviewed the Top 10 Operational Impacts of the GDPR, webinars from the IAPP’s GDPR Comprehensives, and Angelique Carson’s podcast interviews with Chris Zoladz and Bojana Bellamy. I also found helpful the Bird & Bird Guide to GDPR.

When I was not “data mapping” or researching “spam” laws, I also worked on outlining the GDPR into a condensed, readable format. First, I read every line of the articles and tagged each subsection by issue. Second, I eliminated any redundant language from my outline but kept the accompanying source text with the outline for reference and accuracy. Third, I combined similar issues and tagged the headings for easy reading (e.g. related information in Articles 18, 19 or 23 is combined under “Restrictions of Processing” in the “Comprehensive Issue List”).

GDPR in 20 Minutes

The result is this tool, which we are calling “GDPR in 20 Minutes.” It is a list-formatted, re-organized and condensed version of the GDPR with the ability to view the complete articles if needed. My hope is that it will help someone who is new to learning the GDPR get up to speed as quickly and comprehensively as possible and perhaps even help more seasoned pros navigate the law more quickly. Through the opportunity to both learn about and implement the GDPR this summer, I am walking away with first-hand knowledge of privacy on the ground. If this tool can be of service to IAPP members, so much the better.

Explore the GDPR in 20 Minutes

Screen Shot 2017-08-12 at 4.10.42 PMLooking for a slimmed down version of the EU’s General Data Protection Regulation? The GDPR in 20 Minutes might just be your thing. List-formatted, in outline, this is a way of looking at the GDPR text in truncated fashion highlighting meaning, while providing links to relevant text you can expand to find a fuller picture. The text has also been reorganized to group information according to topic. Interested? Click here to check it out.


If you want to comment on this post, you need to login.

  • comment Dale Smith, Jr. • Aug 17, 2017
    Really nice job, Dan.  Provides a needed focal point for GDPR implementation teams.
  • comment Dan Scheib • Aug 17, 2017
    Where's the tool?
  • comment René Keiser • Aug 18, 2017
    This is indeed very helpful. It provides a good level of details, but is still easy to navigate and selected specific areas on which a reader may want to focus.
  • comment Shalini Sharma • Aug 21, 2017
    Very helpful.  Thank you.
  • comment Domenic S. DiLullo Jr. • Aug 25, 2017
    A good tool, though there is a product that is being offered from my recent GDPR Practitioner course training that I recently took in London. The training vendor has developed A bound book of the GDPR regulations with cross referenced recitals. Having this book has been an immensely valuable resource for to have. It's become my second privacy bible! :). The training vendor has made this bound book available for purchase. Follow this link...
  • comment Sławomir Kowalski • Aug 30, 2017
    Dan, in the introductory concepts you have written that GDPR applies to "processing of personal data which forms or is intended to form part of a filing system". I am not sure if this is entirely correct. Your approach suggests that the means of processing (automated or not) do not affect a judgment on GDPR applicability to processing of the data. My understanding of art. 3 is that GDPR applies to: (i) data processed by automated means regardless if personal data forms or is intended to form part of a filing system and (ii) data processed by other then automated means only when the personal data forms or is intended to form part of a filing system.
  • comment Praveen Nair • Sep 1, 2017
    This is really nice work Dan.
  • comment Sam Pfeifle • Sep 5, 2017
    Hi Sławomir - thanks for bringing that to our attention. Yes, in Article 2, we didn't get a bullet in for personal data processed wholly or partly in automated fashion. We have updated the tool.
  • comment Diganntaa Sircar • Sep 7, 2017
    Very comprehensive and useful. Very nice job Done, Dan.  Is it possible to have a PDF version of this, that will really help since it'll be handy too.  Thanks
  • comment Sam • Sep 7, 2017
    Sorry, due to the dynamic nature of the tool, it's not really replicable as a PDF.
  • comment Teresa Carano, CFC • Sep 11, 2017
    Well done, Dan.  Thank you for this tool.