General concepts -- Jurisdiction -- Scope -- Consent and using data -- Privacy policies, information notices -- An individual's right to be forgotten -- An individual's right to access their information -- An individuals' right to receive information in a portable format -- An individuals' right to fix their information -- Document retention -- Record keeping -- Governance -- Data security -- Data breaches -- Transferring data outside of the European Economic Area -- Service providers -- Fines -- Finding further guidance -- Specific situations -- Appendix A. Text of the GDPR -- Appendix B. Data protection authorities -- Appendix C. Countries recognized by the European Union as having an "adequate" level of data privacy and security laws -- Appendix D. Article 29 working party guidance