European Data Protection Board (EDPB) Documents for GDPR

EU Article 29 Working Party GDPR Guidance

The European Data Protection Board (EDPB) is an independent European body that contributes to the consistent application of data protection rules throughout the European Union and promotes cooperation between the EU’s data protection authorities. On this page, Professor Solove has provided links to key GDPR documents released by the EDPB, as well as documents originally created by the Article 29 Working Party (WP29). The WP29 was succeeded by the EDPB, which accepted all of the previously published works.


Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects – version for public consultation

EDPB Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679 – version for public consultation

EDPB Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679). Annex 1 to the Guidelines 4/2018 – version for public consultation

EDPB Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) – version for public consultation

EDPB Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679

Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679. Annex 2 to the Guidelines 1/2018 – version for public consultation



Right to Data Portability (WP 242)

Guidelines on the right to “data portability” (wp242rev.01)

Data Protection Officers (WP 243)

Guidelines on Data Protection Officers (‘DPOs’) (wp243rev.01)

Lead Supervisory Authority (WP 244)

Guidelines on the Lead Supervisory Authority (wp244rev.01)

Data Protection Impact Assessment (WP 248)

Guidelines on Data Protection Impact Assessment (DPIA) (wp248rev.01)

Data Breach Notification (WP 250)

Guidelines on Personal data breach notification under Regulation 2016/679 (wp250)

Automated Individual Decision-Making and Profiling (WP 251)

Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 (wp251)

Administrative Fines (WP 253)

Guidelines on the application and setting of administrative fines (wp253)

Consent (WP 259)

Guidelines on Consent under Regulation 2016/679, wp259

Transparency (WP 260)

Guidelines on Transparency under Regulation 2016/679, wp260

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy and data security training. He also posts at his blog at LinkedIn, which has more than 1 million followers.

Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum (Oct. 3-5, 2018 in Washington, DC), an annual event designed for seasoned professionals.
