"So many books, so little time," said Frank Zappa.
And he was right. Especially with the dreaded Regulation becoming enforceable in about 108 days from the time of writing this post (mind you, I used this date calculator to get the exact number and scared the life out of myself when it returned 80 days - I had put in March as the starting date by mistake). I think a lot of us will be frantically looking up articles and resources online on the topic. And now there is just too much written about it. A lot of it is opinion, a lot of it is outdated, but some of it is really good.
I am just finishing the second edition of "EU General Data Protection Regulation - An Implementation and Compliance Guide" by the ITGP Privacy Team and would like to recommend it to anybody who is looking into preparing their organization for the new law. It contains no faff, just useful and actionable points that help you see GDPR in the light of information security and data privacy. It would be extremely useful to read it together with your Head of IT or CTO, as they would be the owners of a lot of the tasks and processes central to compliance. You will probably also realize that they are already working on a lot of aspects of it, even if not under the big GDPR banner, but simply as security and protection.
If you are looking for the best explainer on consent, however, this is probably not it. For that, I would recommend the ICO draft guidance (remember, it will change). But GDPR is not just about consent; it is an all-encompassing and complex law about data security and individuals' rights, so you need to look way beyond consent to adequately start preparing your organization for it. And breaking it down into logical and actionable steps is exactly what this 200-odd-page book excels at.