The European Commission has got information on the official website (ec.europa.eu):
The Norwegian Data Protection Authority (Datatilsynet) has made public a list of processing activities that we consider likely to result in a high risk to the rights and freedoms of data subjects and that always will require a DPIA. Such an assessment must be carried out before the processing of personal data is initiated.
The Norwegian Data Protection Authority has developed guidelines to help organisations understand and comply with the requirement of data protection by design and by default in article 25 of the General Data Protection Regulation.
We have among others cooperated with security professionals and software developers in public and private sector to create the guidelines.
You Decide is a teaching resource about privacy and digital responsibility for children and young people aged 9-18 years. It's used in more than twenty countries.
All the content is available in English, and you are free to share and adapt the content in your country.