Full Text of REGULATION (EU) 2016/679 – The regulation as passed into EU law
Article 29 Guidelines – guidelines on Consent, Transparency, Breach Notification, etc – all direct from the EU
Library of GDPR Documents – a number of documents for EU citizens and businesses on data privacy and GDPR

ICO Guide to GDPR – The periodically updated guide to the General Data Protection Regulation from the UK’s regulating body.

Lawful Basis for Processing – overview of the six available options for lawfully processing personal data.
Do you need to register with the ICO? – take the self-assessment guide to see if your organisation needs to register with the ICO
UK – Data Protection Fees – The ICO’s guide to Data Protection fees for UK organisations
GDPR Lawful Basis Interactive Guidance Tool – Might not give you a clear-cut answer, but will narrow down your options and help you to decide your best options for Lawful Basis. Give it a try!

Information Commissioner’s Office Blog – Useful to see the regulator’s take on interpreting and enforcing the GDPR

Google’s Product Privacy Guides – If you have a website that uses any of Google’s products, you’ll need to be familiar with their privacy policies and you’ll probably want to reference some of these in your own privacy policy.
Google’s help page on EU user consent policy – Google’s take on what action you need to take if you are a user of Google’s products and services. If you value your search ranking, best take their advice!
cookiechoice.org – Google’s site to help publishers with cookie consent. Check what’s required for GDPR and the ePrivacy Directive compliance.
UK Government’s Technology Code of Practice Collection – A useful collection of guidance on various tech areas including Data Protection and Security
Department for Education Data Protection Toolkit for Schools – Particularly useful for those working in the education sector, but lots of practical advice on data protection and GDPR compliance.
Crown Commercial Service – PPN – Procurement Policy Note from the CCS on the impact of GDPR on contracts and suppliers. Some takeaways on how you might want to deal with suppliers and ensure existing contracts are GDPR compliant.
Guidelines on the protection of personal data in IT governance and IT management of EU institutions – Not such a snappy title, but this is an important document that gives guidance for the EU’s own IT people on how to manage the protection of personal data. If you are an IT department looking for best practice for GDPR compliance, this should be a pretty good starting point.
Guidelines on the use of cloud computing services by the European institutions and bodies – Want to know how your cloud services impact on GDPR compliance? See how the EU itself does it.
Data Protection Commissioner – Ireland – a key player in the interpretation of GDPR. Why? Ireland is the ‘main establishment’ in the European Union for several of the large tech companies, so the data protection authority in Ireland will be the ultimately responsible body when dealing with cross-border cases where several national supervisory authorities are involved. Worth watching what happens in Ireland to get a sense of how GDPR will be interpreted in practice.
Ireland’s Guidance for Data Controllers – The Irish Data Protection Commissioner’s guidance for Data Controllers. Top tech companies based in Ireland will be taking this on board – maybe your organisation should be as well.
Guides for Direct Marketing – A number of guides on Direct Marketing from Ireland’s Data Protection Commissioner’s office.