The European Data Protection Board (EDPB) is an independent body with legal personality, responsible for ensuring the consistent application of the General Data Protection Regulation (GDPR).
The EDPB succeeded the Article 29 Working party set upunder Article 29 of Directive 95/46/EC and is composed of the data protection authorities of Member States and the EDPS.
The EDPB acknowledged the continuity of the work provided by the Article 29 Working Party and published a list of G29 documents that it approved.
These documents are:
- Guidelines on consent under Regulation 2016/679, WP259;
- Guidelines on transparency under Regulation 2016/679, WP260;
- Guidelines on Automated individual decision-making and Profiling for the purposes o fRegulation 2016/679, WP251;
- Guidelines on Personal data breach notification under Regulation 2016/679, WP250;
- Guidelines on the right to data portability under Regulation 2016/679, WP242;
- Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processingis “likely to result in a high risk” for the purposes of Regulation 2016/679,WP248;
- Guidelines on Data Protection Officers (‘DPO’), WP243;
- Guidelines for identifying a controller or processor’s lead supervisory authority, WP244;
- Position Paper on the derogations from the obligation to maintain records of processing activities pursuant to Article 30(5) GDPR
- Working Document Setting Forth a Co-Operation Procedure for the approval of “Binding Corporate Rules” for controllers and processors under the GDPR, WP 263;
- Recommendation on the Standard Application for Approval of Controller Binding Corporate Rules forthe Transfer of Personal Data, WP 264;
- Recommendation on the Standard Application form for Approval of Processor Binding Corporate Rulesfor the Transfer of Personal Data, WP 265;
- Working Document setting up a table with the elements and principles to be found in Binding Corporate Rules, WP 256;
- Working Document setting up a table with the elements and principles to be found in Processor Binding Corporate Rules, WP 257;
- Adequacy Referential, WP 254;
- Guidelines on the application and setting of administrative fines for the purposes of the Regulation 2016/679, WP 253.