Privacy Data Protection Guidelines by the European Data Protection Board EDPB

EDPB GDPR Guidelines, Recommendations, Best Practices

Endorsement of GDPR WP29 Documents

During its first plenary meeting the European Data Protection Board endorsed the GDPR related WP29 Guidelines:

  1. Guidelines on consent under Regulation 2016/679, WP259 rev.01
    Superseded by Guidelines 05/2020 on consent under Regulation 2016/679
  2. Guidelines on transparency under Regulation 2016/679, WP260 rev.01
  3. Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679, WP251rev.01
  4. Guidelines on Personal data breach notification under Regulation 2016/679, WP250 rev.01
  5. Guidelines on the right to data portability under Regulation 2016/679, WP242 rev.01
  6. Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679, WP248 rev.01
  7. Guidelines on Data Protection Officers (‘DPO’), WP243 rev.01
  8. Guidelines for identifying a controller or processor’s lead supervisory authority, WP244 rev.01
  9. Position Paper on the derogations from the obligation to maintain records of processing activities pursuant to Article 30(5) GDPR
  10. Working Document Setting Forth a Co-Operation Procedure for the approval of “Binding Corporate Rules” for controllers and processors under the GDPR, WP 263 rev.01
  11. Recommendation on the Standard Application for Approval of Controller Binding Corporate Rules for the Transfer of Personal Data, WP 264
  12. Recommendation on the Standard Application form for Approval of Processor Binding Corporate Rules for the Transfer of Personal Data, WP 265
  13. Working Document setting up a table with the elements and principles to be found in Binding Corporate Rules, WP 256 rev.01
  14. Working Document setting up a table with the elements and principles to be found in Processor Binding Corporate Rules, WP 257 rev.01
  15. Adequacy Referential, WP 254 rev.01
  16. Guidelines on the application and setting of administrative fines for the purposes of the Regulation 2016/679, WP 253
Guidelines issued by the European Data Protection Board (EDPB)
09/2020
Relevant and reasoned objection under the GDPR
08/2020
 Targeting of social media users – public consultation version
07/2020
 Concepts of controller and processor in the GDPR
06/2020
Interplay of the Second Payment Services Directive and the GDPR – version for public consultation
05/2020
Consent under Regulation 2016/679 (GDPR)
04/2020
Use of location data and contact tracing tools in the context of COVID-19 outbreak
03/2020
Processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak
02/2020
Transfers of personal data between EEA and non-EEA public authorities and bodies
01/2020
Processing personal data in the context of connected vehicles and mobility related applications – version for public consultation
05/2019
Criteria of the Right to be Forgotten in the search engines cases under GDPR (part 1) version adopted after public consultation
04/2019
Article 25 GDPR Data Protection by Design and by Default – version for public consultation
03/2019
Processing of personal data through video devices – Adopted after public consultation
02/2019
Processing of personal data under 6(1)(b) GDPR in the context of the provision of online services to data subjects – version adopted after public consultation
01/2019
Codes of Conduct and Monitoring Bodies under Regulation 2016/679 – version adopted after public consultation
04/2018
Accreditation of certification bodies under Article 43 GDPR (Regulation 2016/679 – version adopted after public consultation
03/2018
Territorial Scope of Article 3 GDPR – version adopted after public consultation
02/2018
Derogations of Article 49 GDPR (Regulation 2016/679)
01/2018
Certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation (GDPR) – version adopted after public consultation
WP260 rev.01 Endorsed by the European Data Protection Board (EDPB)
Guidelines on transparency under the GDPR (Regulation 2016/679)
WP251 rev.01 Endorsed by the European Data Protection Board (EDPB)
Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679
WP250 rev.01 Endorsed by the European Data Protection Board (EDPB)
Guidelines on Personal data breach notification under the GDPR (Regulation 2016/679)
WP242 rev.01 Endorsed by the European Data Protection Board (EDPB)
Guidelines on the right to data portability under the GDPR (Regulation 2016/679)
WP248 rev.01 Endorsed by the European Data Protection Board (EDPB)
Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of GDPR (Regulation 2016/679)
WP243 rev.01 Endorsed by the European Data Protection Board (EDPB)
Guidelines on Data Protection Officers (DPOs)
WP244 rev.01 Endorsed by the European Data Protection Board (EDPB)
Guidelines for identifying a controller or processor’s lead supervisory authority
WP253 Endorsed by the European Data Protection Board (EDPB)
Guidelines on the application and setting of administrative fines for the purposes of the GDPR (Regulation 2016/679)

PRIVACY

Recommendations issued by the European Data Protection Board (EDPB)
01/2019
List of the European Data Protection Supervisor (EDPS) regarding the processing operations subject to the requirement of a data protection impact assessment (Article 39.4 of Regulation (EU) 2018/1725
WP 264
Recommendation on the Standard Application for Approval of Controller Binding Corporate Rules for the Transfer of Personal Data
WP 265
Recommendation on the Standard Application form for Approval of Processor Binding Corporate Rules for the Transfer of Personal Data

PRIVACY

Referentials issued by the European Data Protection Board (EDPB)
WP 254 rev.01
Adequacy Referential

PRIVACY

Working Documents
WP 257 rev.01
Working Document Setting up a table with the elements and principles to be found in Processor Binding Corporate Rules
WP 256 rev.01
Working Document Setting up a table with the elements and principles to be found in Binding Corporate Rules
WP 263 rev.01
Working Document Setting Forth a Co-operation Procedure for the approval of “Binding Corporate Rules” for controllers and processors under the GDPR
Position Paper
Working Party 29
Position Paper on the derogations from the obligation to maintain records of processing activities pursuant to Article 30(5) GDPR

author avatar
Privacy Professor

Professor mr drs Romeo F. Kadir MA MSc LLM LLM (Adv) EMBA EMoC

At present Romeo Kadir serves as the President of the Global Association of Data Protection Professionals Europe (GADPPRO). GADPPRO is a thought leader self-regulatory association of data protection professionals based in the European Union, active around the globe and the first European Association of data protection professionals open for members outside the EU. Please visit www.gadppro.org for more information.

First appointed Data Protection Officer (DPO) ever in the Netherlands (European Union) at a semi-public entity. Seasoned European Privacy and Data Protection Expert (22+ years of practical experience in EU Privacy and Data Protection Law, Business Management, Compliance and Ethics).

Studied European and International Law, Political Sciences and Business Administration. Romeo Kadir is EIPACC EADPP Professor European Privacy & Data Protection Law at Universitas Padjadjaran UNpad (Indonesia) and Honorary Visiting Research Fellow with O.P. Jindal Global University (New Delhi), Senior Associate Fellow with Vidhi Centre for Legal Policy (New Delhi), Lecturer Science Honours Academy and Lecturer at the International Molengraaff Institute, Utrecht University (UU, Netherlands). In 2010 he was founder of the first European Data Protection Academy focusing on privacy-only executive education.

Present Occupations in European Data Protection Law

Member of the International Bar Association (IBA)
Member of the International Board of Experts with EuroPrivacy Certification Scheme (Geneva and Luxembourg)
Member of the International Strategic Board with EuroPrivacy Certification Scheme (Geneva and Luxembourg)
Member of the Swiss-Chinese Law Association (SCLA)

Former Occupations in European Data Protection Law

President European Institute for Privacy, Audit, Compliance & Certification (EIPACC)
Co-Founder/Vice-President European Association for Data Protection Professionals (EADPP)
Chair EADPP Certification Committee Data Protection Professionals,
Chair EADPP Academic Board
Chair EADPP Expert Committee on Cybersecurity
Chair EADPP Expert Committee on Artificial Intelligence (AI)
President Supervisory Board of the Dutch Privacy Complaints Office (NPKI)
Rapporteur to UN Monitoring Commission Human Rights on behalf of the Dutch Privacy Foundation (SPN)

Publications

'Handbook DPO - A Practical Guide', Privacy Publishing Group (2017)
Editor-in-Chief of ‘Data Protection Dictionary’, authored, edited and coordinated ‘Handbook for the Data Protection Officer – A practical Guide’, ‘The Ultimate GDPR Business Guide – Six Volumes’ and other relevant books in the field of privacy and data protection (www.dataprotectionbooks.com)

www.romeokadir.eu

You may also like

Children Safety Encryption www.privacad.com
Apple’s New Step to Protect Child Abuse via Encryption Feature
20 August, 2021
DNA Technology and Privacy www.privacad.com
DNA Technology Regulation Bill and Violation of Privacy for Minority Groups
19 August, 2021
www.privacad.com
India accuses Twitter of not complying with new IT rules
18 August, 2021