Guidelines of the European Data Protection Board
The European Data Protection Board is responsible for the uniform application of the EU's General Data Protection Regulation (EUR-Lex) and the Data Protection Directive (EUR-Lex) applying to police and criminal justice authorities in the European Union.
The European Data Protection Board was established on 25 May 2018. Before the establishment of the European Data Protection Board, the Article 29 Working Party served as the cooperation body for data protection authorities in the EU.
Guidelines of the EDPB
Public consultation on guidelines on the EDPB's website
Open for public consultation until 27 January 2025: Guidelines 02/2024 on Article 48 GDPR
Adopted guidelines
Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive
Guidelines 01/2023 on Article 37 Law Enforcement Directive
Guidelines 9/2022 on personal data breach notification under GDPR (pdf)
Guidelines 8/2022 on identifying a controller or processor’s lead supervisory authority (pdf)
Guidelines 07/2022 on certification as a tool for transfers
Guidelines 06/2022 on the practical implementation of amicable settlements (pdf)
Guidelines 05/2022 on the use of facial recognition technology in the area of law enforcement (pdf)
Guidelines 04/2022 on the calculation of administrative fines under the GDPR (pdf)
Guidelines 02/2022 on the application of Article 60 GDPR (pdf)
Guidelines 01/2022 on data subject rights - Right of access
Guidelines 04/2021 on codes of conduct as tools for transfers (pdf)
Guidelines 03/2021 on the application of Article 65(1)(a) GDPR (pdf)
Guidelines 02/2021 on Virtual Voice Assistants (pdf)
Guidelines 01/2021 on Examples regarding Data Breach Notification (pdf)
Recommendations 01/2021 on the adequacy referential under the Law Enforcement Directive (pdf)
Guidelines 10/2020 on restrictions under Article 23 GDPR (pdf)
Guidelines 09/2020 on relevant and reasoned objection under Regulation 2016/679 (pdf)
Guidelines 8/2020 on the targeting of social media users (pdf)
Guidelines 07/2020 on the concepts of controller and processor in the GDPR (pdf)
Guidelines 06/2020 on the interplay of the Second Payment Services Directive and the GDPR (pdf)
Recommendations 02/2020 on the European Essential Guarantees for surveillance measures (pdf)
Guidelines 05/2020 on consent under Regulation 2016/679 (pdf)
Guidelines 4/2019 on Article 25 Data Protection by Design and by Default (pdf)
Guidelines 3/2019 on processing of personal data through video devices (pdf)
Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies (pdf)
Guidelines 4/2018 on the accreditation of certification bodies (pdf)
Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) (pdf)
Guidelines 2/2018 on derogations of Article 49 (pdf)
Guidelines that have gone through a public consultation but have not yet been adopted
Guidelines 1/2024 on processing of personal data based on Article 6(1)(f) GDPR
Guidelines and recommendations of the Article 29 Working Party
Automated individual decision-making and profiling
Guidelines on Automated Individual Decision-making and Profiling for the Purposes (pdf)
Identifying the lead supervisory authority
Transparency
Guidelines on Transparency (pdf)
Consent
Data portability
Guidelines on the right to data portability (pdf)
Frequently asked questions: Data portability (pdf)
Data Protection Officers
Guidelines on Data Protection Officers (‘DPOs’) and frequently asked questions about DPOs (pdf)
Personal data breaches
Guidelines on Personal Data Breach Notification (pdf)
Impact assessments
Administrative fines
Guidelines on the application and setting of administrative fines (pdf)