Overview of GDPR guidelines
Here you can find the GDPR guidelines published by the European Data Protection Board (EDPB). These guidelines clarify a number of subjects from the General Data Protection Regulation (GDPR). With this explanation of the GDPR, the EDPB provides organisations with practical guidance on implementing the privacy legislation in their work.
GDPR obligations and instruments
Restrictions (under Article 23 GDPR)
- Guidelines on restrictions under Article 23 GDPR
- Dutch translation: guidelines restrictions under Article 23 GDPR
Certification and accreditation
Certification
- Guidelines on certification and identifying certification criteria
- Dutch translation: guidelines certification
Certification as a tool for transfers
- Guidelines on certification as a tool for transfers
- Dutch translation: certification as a tool for transfers
Accreditation
Data protection impact assessment (DPIA)
Data protection impact assessment (DPIA)
Data Protection Officers (DPOs)
Codes of conduct
Codes of conduct and supervisory bodies
- Guidelines on codes of conduct and monitoring bodies
- Dutch translation: guidelines codes of conduct and monitoring bodies
Codes of conduct as tools for transfers
- Guidelines on codes of conduct as tools for transfers
- Dutch translation: codes of conduct as tools for transfers
Legal bases
Consent
Agreement
- Guidelines on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects
- Dutch translation: guidelines performance of a contract
Legal bases from the GDPR explained
Data breach notification obligation
Data breach notification obligation
- Guidelines on personal data breach notification under GDPR
- Dutch translation: guidelines data breach notification obligation
Examples of the data breach notification obligation
- Guidelines on Examples regarding Personal Data Breach Notification
- Dutch translation: guidelines examples of the data breach notification obligation
Privacy by design and by default
- Guidelines on data protection by design and by default
- Dutch translation: guidelines privacy by design and default
Transparency
Processing register
- Position Paper on records of processing activities
- Dutch translation not available.
Controller and processor
- Guidelines on the concepts of controller and processor in the GDPR
- Dutch translation: guidelines on the concepts of 'controller' and 'processor' in the GDPR
International data traffic
For information on international data traffic, read: International
Lead supervisory authority
- Guidelines for identifying a controller or processor’s lead supervisory authority
- Dutch translation: Identifying lead supervisory authority
The role of the lead supervisory authority
International transfers
- Guidelines on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR
- Dutch translation: guidelines interplay application of Article 3 and chapter V of GDPR
- Dutch translation of the text in the images in the attachment
Exceptions
Certification as a tool for transfers
- Guidelines on certification as a tool for transfers
- Dutch translation: certification as a tool for transfers
Codes of conduct as tools for transfers
- Guidelines on codes of conduct as tools for transfers
- Dutch translation: codes of conduct as tools for transfers
Personal data transfers outside the EEA
Binding corporate rules (BCR)
- Recommendations 1/2022 on the Application for Approval and on the elements and principles to be found in Controller Binding Corporate Rules (Article 47 GDPR)
- Working Document on binding Corporate Rules for Processors
Governmental organisations
- Guidelines on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies
- Dutch translation: guidelines transfers of personal data between public authorities and bodies within and outside the EEA
Transfers for law enforcement
- Guidelines on Article 37 Law Enforcement Directive
- Dutch translation not available.
Internet and technology
Camera surveillance
- Guidelines on processing of personal data through video devices
- Dutch translation: guidelines camera surveillance
Connected vehicles
- Guidelines on processing personal data in the context of connected vehicles and mobility related applications
- Dutch translation: guidelines connected vehicles
Cookies and tracking
- Guidelines on technical scope of art. 5(3) of ePrivacy Directive
- Dutch translation not available.
Facial recognition
- Guidelines on the use of facial recognition technology in the area of law enforcement
- Dutch translation: guidelines use of facial recognition in law enforcement
Profiling
- Guidelines on automated decision making and profiling
- Dutch translation: guidelines automated decision-making and profiling
Social media
Deceptive design
- Guidelines on deceptive design patterns in social media platform interfaces: how to recognise and avoid them
- Dutch translation not available.
Targeting of users
- Guidelines on the targeting of social media users
- Dutch translation: guidelines targeting of social media users
Voice assistants
PSD2
- Guidelines on the interplay of the Second Payment Services Directive and the GDPR
- Dutch translation: guidelines interplay of PSD2 and GDPR
Rights of data subjects
Right of access
Right to data portability
Right to be forgotten
- Guidelines on the criteria of the right to be forgotten in the search engines cases under the GDPR (part 1)
- Dutch translation: guidelines right to be forgotten
Limitations on the rights of data subjects
- Guidelines on restrictions under Article 23 GDPR
- Dutch translation: guidelines limitations on the rights of data subjects
Collaboration between data protection agencies
Fines
Amount of the fine
- Guidelines on the calculation of administrative fines under the GDPR
- Dutch translation: guidelines calculation of administrative fines
When can a fine be imposed
- Guidelines on the application and setting of administrative fines
- Dutch translation: guidelines administrative fines
Lead supervisory authority
- Guidelines for identifying a controller or processor’s lead supervisory authority
- Dutch translation: guidelines identifying the lead supervisory authority
Amicable settlements
- Guidelines on the practical implementation of amicable settlements
- Dutch translation: guidelines practical implementation of amicable settlements
Relevant and reasoned objection
- Guidelines on relevant and reasoned objection under Regulation 2016/679
- Dutch translation: guidelines relevant and reasoned objection
Territorial scope of the GDPR
- Guidelines on the territorial scope of the GDPR
- Dutch translation: guidelines territorial scope of the GDPR
Application of Article 60 GDPR
- Guidelines on the application of Article 60 GDPR
- Dutch translation: guidelines for the application of Article 60 GDPR
Application of Article 65(1)(a) GDPR
- Guidelines on the application of Article 65(1)(a) GDPR
- Dutch translation: guidelines for the application of Article 65(1)(a) GDPR
EDPB guidelines in consultation
In most cases, the EDPB first publishes a draft version of the guidelines. This version is open to public consultation during a specified period of time. Interested parties can then voice their opinion and concerns. After this consultation, the EDPB adopts the final version of the guidelines.
Currently these guidelines are open to consultation:
For these guidelines, the consultation is closed but the final version has not yet been adopted: