Guidelines of the European Data Protection Board

The European Data Protection Board is responsible for the uniform application of the EU's General Data Protection Regulation and the Data Protection Directive applying to police and criminal justice authorities in the European Union.

The European Data Protection Board was established on 25 May 2018. Before the establishment of the European Data Protection Board, the Article 29 Working Party served as the cooperation body for data protection authorities in the EU.

Guidelines and recommendations of the Article 29 Working Party

Automated individual decision-making and profiling

Guidelines on Automated Individual Decision-making and Profiling for the Purposes of Regulation 2016/679

Identifying the lead supervisory authority

Guidelines for identifying a controller or processor’s lead supervisory authority


Guidelines on Transparency under Regulation 2016/679


Guidelines on Consent under Regulation 2016/679

Data portability

Guidelines on the right to data portability

Frequently asked questions: Data portability

Data Protection Officers

Guidelines on Data Protection Officers (‘DPOs’)

Personal data breaches

Guidelines on Personal Data Breach Notification under Regulation 2016/679  

Impact assessments

Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679