"Open-source intelligence gathering and analysis (OSINT) techniques are no longer predominantly the remit of private investigators and journalists. An estimated 80-90% of data analysed by intelligence agencies is also now derived from publicly available material. Additionally, the massive expansion of the internet and, in particular, social media platforms, have made OSINT increasingly accessible to civilians who simply want to trawl the Web for information on a specific individual, organisation or product. In May 2018, the European Union’s General Data Protection Regulation (GDPR) was implemented in the UK through the new Data Protection Act, intended to secure personal data against unjustified collection, storage and exploitation. This document presents a preliminary literature review of work related to the GDPR and OSINT, which was collated as the basis for an as-yet-unpublished study evaluating the effects of the GDPR on OSINT capabilities in the UK. The literature reviewed is separated into the following six sections:‘What is OSINT?’,‘What are the risks and benefits of OSINT?’,‘What is the rationale for data protection legislation?’,‘What are the current legislative frameworks in the UK and Europe?’,‘What is the potential impact of the GDPR on OSINT?’, and ‘Have the views of civilian and commercial stakeholders been sought and why is this important?’. As OSINT tools and techniques are accessible to anyone, they have the unique capacity for being used to hold power to account. It is therefore important that new data protection legislation does not impede civilian OSINT capabilities." (Abstract)