Guidelines of the European Data Protection Board

The European Data Protection Board is responsible for the uniform application of the EU's General Data Protection Regulation and the Data Protection Directive applying to police and criminal justice authorities in the European Union.

The European Data Protection Board was established on 25 May 2018. Before the establishment of the European Data Protection Board, the Article 29 Working Party served as the cooperation body for data protection authorities in the EU.

Guidelines of the EDPB

Guidelines 2/2018 on derogations of Article 49

Guidelines 4/2018 on the accreditation of certification bodies

Guidelines and recommendations of the Article 29 Working Party

Automated individual decision-making and profiling

Guidelines on Automated Individual Decision-making and Profiling for the Purposes of Regulation 2016/679

Identifying the lead supervisory authority

Guidelines for identifying a controller or processor’s lead supervisory authority


Guidelines on Transparency under Regulation 2016/679


Guidelines on Consent under Regulation 2016/679

Data portability

Guidelines on the right to data portability

Frequently asked questions: Data portability

Data Protection Officers

Guidelines on Data Protection Officers (‘DPOs’)

Personal data breaches

Guidelines on Personal Data Breach Notification under Regulation 2016/679  

Impact assessments

Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679