Overview of GDPR guidelines

Here you can find the GDPR guidelines published by the European Data Protection Board (EDPB). These guidelines clarify a number of subjects from the General Data Protection Regulation (GDPR). With this explanation of the GDPR, the EDPB provides organisations with practical guidance on implementing the privacy legislation in their work.

On this page

GDPR obligations and instruments

Restrictions (under Article 23 GDPR)

Certification and accreditation

Certification

Certification as a tool for transfers

Accreditation

Data protection impact assessment (DPIA)

Data Protection Officers (DPOs)

Codes of conduct

Codes of conduct and supervisory bodies

Codes of conduct as tools for transfers

Legal bases

Consent

Agreement

Data breach notification obligation

Data breach notification obligation

Examples of the data breach notification obligation

Privacy by design and by default

Transparency

Processing register

Controller and processor

Internet and technology

Camera surveillance

Connected cars

Facial recognition

Profiling

Social media

Deceptive design

Targeting of users

Voice assistants

International data traffic

Lead supervisory authority

International transfers

Exceptions

Certification as a tool for transfers

Codes of conduct as tools for transfers

Binding corporate rules (BCR)

Governmental organisations

Transfers for law enforcement

PSD2

Rights of data subjects

Right of access

Right to data portability

Right to be forgotten

Collaboration between data protection agencies

Fines

Amount of the fine

When can a fine be imposed

Lead supervisory authority

Amicable settlements

Relevant and reasoned objection

Territorial scope of the GDPR

Application of Article 60 GDPR

Application of Article 65(1)(a) GDPR

EDPB guidelines in consultation

In most cases, the EDPB first publishes a draft version of the guidelines. This version is open to public consultation during a specified period of time. Interested parties can then voice their opinion and concerns. After this consultation, the EDPB adopts the final version of the guidelines.

Currently these guidelines are open to consultation: