Overview of GDPR guidelines

Here you can find the GDPR guidelines published by the European Data Protection Board (EDPB). These guidelines clarify a number of subjects from the General Data Protection Regulation (GDPR). With this explanation of the GDPR, the EDPB provides organisations with practical guidance on implementing the privacy legislation in their work.

On this page

GDPR obligations and instruments

Restrictions (under Article 23 GDPR)

Certification and accreditation

Certification

Certification as a tool for transfers

Accreditation

GDPR certificate

Data protection impact assessment (DPIA)

Data protection impact assessment (DPIA)

Data Protection Officers (DPOs)

DPO information

Codes of conduct

Codes of conduct and supervisory bodies

Codes of conduct as tools for transfers

GDPR code of conduct

Legal bases

Consent

Agreement

Legal bases from the GDPR explained

Data breach notification obligation

Data breach notification obligation

Examples of the data breach notification obligation

Data breaches

Privacy by design and by default

Transparency

Right to information

Processing register

Keeping a processing register

Controller and processor

Controller and processor

International data traffic

For information on international data traffic, read: International

Lead supervisory authority

The role of the lead supervisory authority

International transfers

Exceptions

Certification as a tool for transfers

Codes of conduct as tools for transfers

Personal data transfers outside the EEA

Binding corporate rules (BCR)

Binding corporate rules (BCR)

Governmental organisations

Transfers for law enforcement

Internet and technology

Camera surveillance

Camera surveillance

Connected vehicles

Connected vehicles

Cookies and tracking

Facial recognition

Facial recognition

Profiling

Social media

Deceptive design

Targeting of users

Voice assistants

PSD2

Payment services

Rights of data subjects

Right of access

Right to data portability

Right to be forgotten

Limitations on the rights of data subjects

Privacy rights under the GDPR

Collaboration between data protection agencies

Fines

Amount of the fine

When can a fine be imposed

Lead supervisory authority

Amicable settlements

Relevant and reasoned objection

Territorial scope of the GDPR

Application of Article 60 GDPR

Application of Article 65(1)(a) GDPR

EDPB guidelines in consultation

In most cases, the EDPB first publishes a draft version of the guidelines. This version is open to public consultation during a specified period of time. Interested parties can then voice their opinion and concerns. After this consultation, the EDPB adopts the final version of the guidelines.

Currently these guidelines are open to consultation:

For these guidelines, the consultation is closed but the final version has not yet been adopted: