GDPR

Elenco dei principali documenti adottati e pubblicati dal comitato europeo per la protezione dei dati

Fonte: sito web del Comitato europeo per la protezione dei dati (EDPB).

Abbiamo raccolto i principali riferimenti della produzione documentale dell’EDPB così come pubblicati sul loro sito istituzionale.

Il nostro obiettivo è quello di proporre una risorsa che offra una panoramica sui principali provvedimenti emessi dall’EDPB per agevolare i professionisti della privacy e le persone che si occupano di protezione dei dati e privacy nelle attività di lavoro e di studio.

La pagina è comunque in continuo aggiornamento.

Nella tabella, le date in grassetto si riferiscono agli ultimi documenti.

Restate sintonizzati!

Dopo la seguente tabella, potete trovare tutti i documenti chiave adottati e pubblicati dall’EDPB, ordinati per anno.


Tabella delle Guideline EDPB ordinate per anno


YearG. Nr.TopicAdoptedversionGDPR
2022Guidelines 05/2022the use of facial recognition technology in the area of law enforcement12/5/20221.0-PC60
2022Guidelines 04/2022the calculation of administrative fines under the GDPR12/5/20221.0-PC83
2022Guidelines 3/2022Dark patterns in social media platform interfaces: How to recognise and avoid them14/3/2022PC
2022Guidelines 02/2022the application of Article 60 GDPR14/3/20221.060
2022Guidelines 01/2022data subject rights - Right of access18/1/2022PC15/22
2021Guidelines 05/2021the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR18/11/20213-44/50
2021Guidelines 04/2021on codes of conduct as tools for transfers22/2/20222.0
2021Guidelines 03/2021the application of Article 65(1)(a) GDPR13/4/202165(1)(a)
2021Guidelines 02/2021Virtual Voice Assistants7/7/20212.0
2021Guidelines 01/2021Examples regarding Data Breach Notification14/12/20212.04-33-34
2020Guidelines 10/2020restrictions under Article 23 GDPR13/10/20212.023
2020Guidelines 09/2020relevant and reasoned objection under Regulation 2016/6799/3/20212.04-60-65
2020Guidelines 08/2020the targeting of social media users2/9/20201.0
2020Guidelines 07/2020the concepts of controller and processor in the GDPR2/9/20201.04-24-28-29
2020Guidelines 06/2020the interplay of the Second Payment Services Directive and the GDPR15/12/20202.0
2020Guidelines 05/2020consent under Regulation 2016/6794/5/20201.04-6-7-8
2020Guidelines 04/2020the use of location data and contact tracing tools in the context of the COVID-19 outbreak21/4/2020
2020Guidelines 03/2020the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak21/4/2020
2020Guidelines 02/2020on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies15/12/20202.046
2020Guidelines 01/2020processing personal data in the context of connected vehicles and mobility related applications28/1/20201.0
2019Guidelines 05/2019the criteria of the Right to be Forgotten in the search engines cases under the GDPR (part 1)7/7/20202.017
2019Guidelines 04/2019Article 25 Data Protection by Design and by Default20/10/20202.025
2019Guidelines 03/2019processing of personal data through video devices29/1/20202.0
2019Guidelines 02/2019the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects8/10/20192.06
2019Guidelines 01/2019Codes of Conduct and Monitoring Bodies under Regulation 2016/6794/6/20192.040-41
2018Guidelines 04/2018the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679)4/6/20193.043
2018Guidelines 03/2018the territorial scope of the GDPR (Article 3)16/11/20183
2018Guidelines 02/2018derogations of Article 49 under Regulation 2016/67925/5/201849
2018Guidelines 01/2018certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/67925/5/201842-43



Guidelines


2022


  1. Guidelines 5/2022 on the use of facial recognition technology in the area of law enforcement - Adopted on 12/5/2022 - PC (comments by June 27th 2022);
  2. Guidelines 4/2022 on the calculation of administrative fines under the GDPR - Adopted on 12/5/2022 - PC (comments by June 27th 2022);
  3. Guidelines 3/2022 on Dark patterns in social media platform interfaces: How to recognise and avoid them - Adopted on 14/3/2022 - PC (comments by May 2nd 2022);
  4. Guidelines 02/2022 on the application of Article 60 GDPR - Adopted on 14/03/2022 (v.1.0);
  5. Guidelines 01/2022 on data subject rights - Right of access - Adopted on 18/1/2022 - PC (comments by March 11th 2022);

2021


  1. Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR - Adopted on 18/11/2021 - PC (19/11/2021 - 31/1/2021);
  2. Guidelines 04/2021 on codes of conduct as tools for transfers - Adopted on 22/02/2022 (v.2.0);
  3. Guidelines 03/2021 on the application of Article 65(1)(a) GDPR - Adopted on 13/4/2021 - PC (16/4/2021 - 28/5/2021);
  4. Guidelines 02/2021 on virtual voice assistants - Adopted on 7/7/2021 (v.2.0);
  5. Guidelines 01/2021 on Examples regarding Data Breach Notification - Adopted on 14/12/2021 (v.2.0);

2020


  1. Guidelines 10/2020 on restrictions under Article 23 GDPR - Adopted on 13/10/2021 (v.2.0);
  2. Guidelines 09/2020 on relevant and reasoned objection under Regulation 2016/679 - Adopted on 9/3/2021 (v.2.0);
  3. Guidelines 8/2020 on the targeting of social media users - Adopted on 13/4/2021 (v.2.0);
  4. Guidelines 07/2020 on the concepts of controller and processor in the GDPR - Adopted on 7/7/2021 (v.2.0);
  5. Guidelines 06/2020 on the interplay of the Second Payment Services Directive and the GDPR - Adopted on 15/12/2020 (v.2);
  6. Guidelines 05/2020 on consent under Regulation 2016/679 - Adopted on 4/5/2020 (v.1.0);
  7. Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak - Adopted on 21/4/2020;
  8. Guidelines 03/2020 on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak - Adopted on 21/4/2020
  9. Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies Adopted on 15/12/2020 (v.2);
  10. Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications - Adopted on 28/1/2020 (v.1) - PC (7/2/2020 - 4/5/2020).

2019


  1. Guidelines 5/2019 on the criteria of the Right to be Forgotten in the search engines cases under the GDPR (part 1) - Adopted on 7/7/2020 (v.2.0);
  2. Guidelines 4/2019 on Article 25 Data Protection by Design and by Default - Adopted on 20/10/2020 (v.2.0);
  3. Guidelines 3/2019 on processing of personal data through video devices - Adopted on 29/1/2020 (v.2.0);
  4. Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects - Adopted on 8/10/2019 (v.2.0);
  5. Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679 - Adopted on 4/6/2019 (v.2.0).

2018


  1. Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679) - Annex 1 - Adopted on 4/12/2018 - PC (14/12/2018 - 1/2/2019).
  2. Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) - Adopted on 16/11/2018 - PC (23/11/2018 - 18/1/2019);
  3. Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679 - Adopted on 25/5/2018;
  4. Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679 - Adopted on 25/5/2018 - PC (30/5/2018 - 12/7/2018).



Recommendations


2021


  1. Recommendations 02/2021 on the legal basis for the storage of credit card data for the sole purpose of facilitating further online transactions - Adopted on 19/5/2021;
  2. Recommendations 01/2021 on the adequacy referential under the Law Enforcement Directive - Adopted on 2/2/2021.

2020


  1. Recommendations 02/2020 on the European Essential Guarantees for surveillance measures - Adopted on 10/11/2020;
  2. Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data - Adopted on 18/6/2021 (v.2.0);
  3. Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data - Adopted on 10/11/2020 - PC (11/11/202 - 21/12/2020).

2019


  1. Recommendation 01/2019 on the draft list of the European Data Protection Supervisor regarding the processing operations subject to the requirement of a data protection impact assessment (Article 39.4 of Regulation (EU) 2018/1725) - Adopted on 10/7/2019.



Best Practice


Nessun documento.




Opinions


2022


EDPB-EDPS Joint Opinions

  1. EDPB-EDPS Joint Opinion 2/2022 on the Proposal of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act) - Adopted on 4/5/2022;
  2. EDPB-EDPS Joint Opinion 1/2022 on the extension of Covid-19 certificate Regulation - Adopted on 14/3/2022

EDPB Opinions

EDPB Opinions

  1. Opinion 09/2022 on the draft decision of the Danish Supervisory Authority regarding the Processor Binding Corporate Rules of Bioclinica Group - Adopted on 4/5/2022;
  2. Opinion 08/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Bioclinica Group - Adopted on 4/5/2022;
  3. Opinion 07/2022 on the draft decision of the Hungarian Supervisory Authority regarding the Controller Binding Corporate Rules of MOL Group - Adopted on 19/4/2022;
  4. Opinion 06/2022 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of Groupon International Limited - Adopted on 19/4/2022;
  5. Opinion 05/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Lundbeck Group - Adopted on 19/4/2022;
  6. Opinion 04/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Norican Group - Adopted on 18/3/2022;
  7. Opinion 03/2022 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the WEBHELP Group - Adopted on 7/2/2022;
  8. Opinion 02/2022 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the WEBHELP Group - Adopted on 7/2/2022;
  9. Opinion 1/2022 on the draft decision of the Luxembourg Supervisory Authority regarding the GDPR – CARPA certification criteria - Adopted on 1/2/2022;

2021


EDPB-EDPS Joint Opinions

  1. EDPB-EDPS Joint Opinion 5/2021 on the proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) - Adopted on 18/6/2021;
  2. EDPB-EDPS Joint Opinion 04/2021 on the Proposal for a Regulation of the European Parliament and of the Council on a framework for the issuance, verification and acceptance of interoperable certificates on vaccination, testing and recovery - Adopted on 8/4/2021 (v.1.1);
  3. EDPB-EDPS Joint Opinion 03/2021 on the Proposal for a regulation of the European Parliament and of the Council on European data governance (Data Governance Act) - Adopted on 9/6/2021 (v.1.1);
  4. EDPB-EDPS Joint Opinion 2/2021 on standard contractual clauses for the transfer of personal data to third countries - Adopted on 14/1/2021;
  5. EDPB-EDPS Joint Opinion 1/2021 on standard contractual clauses between controllers and processors - Adopted on 14/1/2021;

EDPB Opinions

  1. Opinion 39/2021 on whether Article 58(2)(g) GDPR could serve as a legal basis for a supervisory authority to order ex officio the erasure of personal data, in a situation where such request was not submitted by the data subject - Adopted on 14/12/2021;
  2. Opinion 38/2021 on the draft decision of the competent supervisory authority of Latvia regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 20/11/2021;
  3. Opinion 37/2021 on the draft decision of the competent supervisory authority of Malta regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 30/11/2021;
  4. Opinion 36/2021 on the draft decision of the competent supervisory authority of Norway regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 30/11/2021;
  5. Opinion 35/2021 on the draft decision of the competent supervisory authority of Belgium regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 30/11/2021;
  6. Opinion 34/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of Otis - Adopted on 26/10/2021;
  7. Opinion 33/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of Carrier - Adopted on 26/10/2021;
  8. Opinion 32/2021 regarding the European Commission Draft Implementing Decision pursuant to Regulation (EU) 2016/679 on the adequate protection of personal data in the Republic of Korea - Adopted on 24/9/2021;
  9. Opinion 31/2021 on the draft decision of the Spanish Supervisory Authority regarding the Processor Binding Corporate Rules of the COLT Group - Adopted on 2/8/2021;
  10. Opinion 30/2021 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the COLT Group - Adopted on 2/8/2021;
  11. Opinion 29/2021 on the draft decision of the Belgian Supervisory Authority regarding the Processor Binding Corporate Rules of Oregon Tool, Inc (Formerly “Blount”) - Adopted on 2/8/2021;
  12. Opinion 28/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of Oregon Tool, Inc (formerly “Blount”) - Adopted on 2/8/2021;
  13. Opinion 27/2021 on the draft decision of the Supervisory Authority of North Rhine-Westphalia (Germany) regarding the Processor Binding Corporate Rules of the Internet Initiative Japan Group - Adopted on 2/8/2021;
  14. Opinion 26/2021 on the draft decision of the Supervisory Authority of North Rhine-Westphalia (Germany) regarding the Controller Binding Corporate Rules of the Internet Initiative Japan Group - Adopted on 2/8/2021;
  15. Opinion 25/2021 on the draft decision of the competent supervisory authority of Lithuania regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 20/7/2021;
  16. Opinion 24/2021 on the draft decision of the competent supervisory authority of Slovakia regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 20/7/2021;
  17. Opinion 23/2021 on the draft decision of the competent supervisory authority of Czech Republic regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 20/7/2021;
  18. Opinion 22/2021 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the CGI Group - Adopted on 1/7/2021;
  19. Opinion 21/2021 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the CGI Group - Adopted on 1/7/2021;
  20. Opinion 20/2021 on Tobacco Traceability System - Adopted on 18/6/2021;
  21. Opinion 19/2021 on the draft decision of the competent supervisory authority of Hungary regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 1/6/2021;
  22. Opinion 18/2021 on the draft Standard Contractual Clauses submitted by the LT SA (Article 28(8) GDPR) - Adopted on 19/5/2021;
  23. Opinion 17/2021 on the draft decision of the French Supervisory Authority regarding the European code of conduct submitted by the Cloud Infrastructure Service Providers (CISPE) - Adopted on 19/5/2021;
  24. Opinion 16/2021 on the draft decision of the Belgian Supervisory Authority regarding the “EU Data Protection Code of Conduct for Cloud Service Providers” submitted by Scope Europe - Adopted on 19/5/2021;
  25. Opinion 15/2021 regarding the European Commission Draft Implementing Decision pursuant to Directive (EU) 2016/680 on the adequate protection of personal data in the United Kingdom - Adopted on 13/4/2021;
  26. Opinion 14/2021 regarding the European Commission Draft Implementing Decision pursuant to Regulation (EU) 2016/679 on the adequate protection of personal data in the United Kingdom - Adopted on 13/4/2021;
  27. Opinion 13/2021 on the draft decision of the competent supervisory authority of Romania regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 23/3/2021;
  28. Opinion 12/2021 on the draft decision of the competent supervisory authority of Portugal regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 23/3/2021;
  29. Opinion 11/2021 on the draft decision of the competent supervisory authority of Norway regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 23/3/2021;
  30. Opinion 10/2021 on the draft decision of the competent supervisory authority of Hungary regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 23/3/2021;
  31. Opinion 09/2021 on the draft decision of the Baden- Wurttemberg Supervisory Authority regarding the Controller Binding Corporate Rules of Luxoft Group - Adopted on 16/2/2021;
  32. Opinion 08/2021 on the draft decision of the Baden- Wurttemberg Supervisory Authority regarding the Processor Binding Corporate Rules of Luxoft Group - Adopted on 16/2/2021;
  33. Opinion 07/2021 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of Kumon Group - Adopted on 16/2/2021;
  34. Opinion 06/2021 on the draft decision of the Spanish Supervisory Authority regarding the Processor Binding Corporate Rules of Kumon Group - Adopted on 16/2/2021;
  35. Opinion 05/2021 on the draft Administrative Arrangement for the transfer of personal data between the Haut Conseil du Commissariat aux Comptes (H3C) and the Public Company Accounting Oversight Board (PCAOB) - Adopted on 2/2/2021;
  36. Opinion 04/2021 on the draft decision of the Belgian Supervisory Authority regarding the Processor Binding Corporate Rules of BDO - Adopted on 22/1/2021;
  37. Opinion 03/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of BDO - Adopted on 22/1/2021;
  38. Opinion 02/2021 on the draft decision of the Swedish Supervisory Authority regarding the Controller Binding Corporate Rules of Elanders Group - Adopted on 22/1/2021;
  39. Opinion 01/2021 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Saxo Bank Group - Adopted on 22/1/2021.

2020


EDPB Opinions

  1. Opinion 32/2020 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of Equinix - Adopted on 15/12/2020;
  2. Opinion 31/2020 on the draft decision of the competent supervisory authority of Poland regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 7/12/2020;
  3. Opinion 30/2020 on the draft decision of the competent supervisory authority of Austria regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 7/12/2020;
  4. Opinion 29/2020 on the draft decision of the Lower Saxony Supervisory Authority regarding the Controller Binding Corporate Rules of Novelis Group - Adopted on 8/12/2020;
  5. Opinion 28/2020 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of Iberdrola Group - Adopted on 8/12/2020;
  6. Opinion 27/2020 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Coloplast Group - Adopted on 8/12/2020;
  7. Opinion 26/2020 on the draft decision of the competent supervisory authority of Denmark regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 7/12/2020;
  8. Opinion 25/2020 on the draft decision of the Swedish Supervisory Authority regarding the Controller Binding Corporate Rules of Tetra Pak - Adopted on 31/7/2020;
  9. Opinion 24/2020 on the draft decision of the Norwegian Supervisory Authority regarding the Controller Binding Corporate Rules of Jotun - Adopted on 31/7/2020;
  10. Opinion 23/2020 on the draft decision of the competent supervisory authority of Italy regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 23/7/2020;
  11. Opinion 22/2020 on the draft decision of the competent supervisory authority of Greece regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 23/7/2020;
  12. Opinion 21/2020 on the draft decision of the competent supervisory authority of the Netherlands regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 23/7/2020;
  13. Opinion 20/2020 on the draft decision of the competent supervisory authority of Greece regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 23/7/2020;
  14. Opinion 19/2020 on the draft decision of the competent supervisory authority of Denmark regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 23/7/2020;
  15. Opinion 18/2020 on the draft decision of the competent supervisory authority of the Netherlands regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 23/7/2020;
  16. Opinion 17/2020 on the draft Standard Contractual Clauses submitted by the SI SA (Article 28(8) GDPR) - Adopted on 19/5/2020;
  17. Opinion 16/2020 on the draft decision of the competent supervisory authority of the Czech Republic regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 25/5/2020;
  18. Opinion 15/2020 on the draft decision of the competent supervisory authorities of Germany regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 25/5/2020;
  19. Opinion 14/2020 on the draft decision of the competent supervisory authority of Ireland regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 25/5/2020;
  20. Opinion 13/2020 on the draft decision of the competent supervisory authority of Italy regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 25/5/2020;
  21. Opinion 12/2020 on the draft decision of the competent supervisory authority of Finland regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 25/5/2020;
  22. Opinion 11/2020 on the draft decision of the competent supervisory authority of Ireland regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 25/5/2020;
  23. Opinion 10/2020 on the draft decision of the competent supervisory authorities of Germany regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 25/5/2020;
  24. Opinion 9/2020 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of Reinsurance Group of America Adopted on 14/4/2020;
  25. Opinion 8/2020 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of Reinsurance Group of America - Adopted on 14/4/2020;
  26. Opinion 7/2020 on the draft list of the competent supervisory authority of France regarding the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR) - Adopted on 22/4/2020;
  27. Opinion 6/2020 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of Fujikura Automotive Europe Group (FAE Group) - Adopted on 29/1/2020;
  28. Opinion 5/2020 on the draft decision of the competent supervisory authority of Luxembourg regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 GDPR - Adopted on 29/1/2020;
  29. Opinion 4/2020 on the draft decision of the competent supervisory authority of the United Kingdom regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 GDPR - Adopted on 29/1/2020;
  30. Opinion 3/2020 on the France data protection supervisory authority draft accreditation requirements for a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 28/1/2020;
  31. Opinion 2/2020 on the Belgium data protection supervisory authority draft accreditation requirements for a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 28/1/2020;
  32. 33.Opinion 1/2020 on the Spanish data protection supervisory authority draft accreditation requirements for a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 28/1/2020;

2019


EDPB-EDPS Joint Opinions

  1. EDPB-EDPS Joint Opinion 1/2019 on the processing of patients’ data and the role of the European Commission within the eHealth Digital Service Infrastructure (eHDSI) - Adopted on 12/7/2019;

EDPB Opinions

  1. Opinion 16/2019 on the draft decision of the Belgian Supervisory Authority regarding the Binding Corporate Rules of ExxonMobil Corporation - Adopted on 12/11/2019.
  2. Opinion 15/2019 on the draft decision of the competent supervisory authority of the United Kingdom regarding the Binding Corporate Rules of Equinix Inc. - Adopted on 8/10/2019;
  3. Opinion 14/2019 on the draft Standard Contractual Clauses submitted by the DK SA (Article 28(8) GDPR) - Adopted on 9/7/2019;
  4. Opinion 13/2019 on the draft list of the competent supervisory authority of France regarding the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR) - Adopted on 10/7/2019;
  5. Opinion 12/2019 on the draft list of the competent supervisory authority of Spain regarding the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR) - Adopted on 10/7/2019;
  6. Opinion 11/2019 on the draft list of the competent supervisory authority of the Czech Republic regarding the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR) - Adopted on 10/7/2019;
  7. Opinion 10/2019 on the draft list of the competent supervisory authority of Cyprus regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35(4) GDPR) - Adopted on 9/7/2019;
  8. Opinion 9/2019 on the Austrian data protection supervisory authority draft accreditation requirements for a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 9/7/2019;
  9. Opinion 8/2019 on the competence of a supervisory authority in case of a change in circumstances relating to the main or single establishment - Adopted on 9/7/2019;
  10. Opinion 7/2019 on the draft list of the competent supervisory authority of Iceland regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 12/3/2019;
  11. Opinion 6/2019 on the draft list of the competent supervisory authority of Spain regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 12/3/2019;
  12. Opinion 5/2019 on the interplay between the ePrivacy Directive and the GDPR, in particular regarding the competence, tasks and powers of data protection authorities - Adopted on 12/3/2019;
  13. Opinion 4/2019 on the draft AA between EEA and non-EEA Financial Supervisory Authorities - Adopted on 12/2/2019;
  14. Opinion 3/2019 concerning the Questions and Answers on the interplay between the Clinical Trials Regulation (CTR) and the General Data Protection regulation (GDPR) - Adopted on 23/1/2019;
  15. Opinion 2/2019 on the draft list of the competent supervisory authority of Norway regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 23/1/2019;
  16. Opinion 01/2019 on the draft list of the competent supervisory authority of the Principality of Liechtenstein regarding the processing operations subject to the requirement of a data protection impact assessment (Article 17.4 GDPR) - Adopted on 23/1/2019.

2018


EDPB Opinions

  1. Opinion 28/2018 regarding the European Commission Draft Implementing Decision on the adequate protection of personal data in Japan - Adopted on 5/12/2018;
  2. Opinion 27/2018 on the draft list of the competent supervisory authority of Slovenia regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 4/12/2018;
  3. Opinion 26/2018 on the draft list of the competent supervisory authority of Luxembourg regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 4/12/2018;
  4. Opinion 25/2018 on the draft list of the competent supervisory authority of Croatia regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 4/12/2018;
  5. Opinion 24/2018 on the draft list of the competent supervisory authority of Denmark regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 4/12/2018;
  6. Opinion 23/2018 on Commission proposals on European Production and Preservation Orders for electronic evidence in criminal matters (Art. 70.1.b) - Adopted on 23/9/2018;
  7. Opinion 22/2018 on the draft list of the competent supervisory authority of the United Kingdom regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  8. Opinion 21/2018 on the draft list of the competent supervisory authority of Slovakia regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  9. Opinion 20/2018 on the draft list of the competent supervisory authority of Sweden regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  10. Opinion 19/2018 on the draft list of the competent supervisory authority of Romania regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  11. Opinion 18/2018 on the draft list of the competent supervisory authority of Portugal regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  12. Opinion 17/2018 on the draft list of the competent supervisory authority of Poland regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  13. Opinion 16/2018 on the draft list of the competent supervisory authority of the Netherlands regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  14. Opinion 15/2018 on the draft list of the competent supervisory authority of Malta regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  15. Opinion 14/2018 on the draft list of the competent supervisory authority of Latvia regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  16. Opinion 13/2018 on the draft list of the competent supervisory authority of Lithuania regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  17. Opinion 12/2018 on the draft list of the competent supervisory authority of Italy regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  18. Opinion 11/2018 on the draft list of the competent supervisory authority of Ireland regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  19. Opinion 10/2018 on the draft list of the competent supervisory authority of Hungary regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  20. Opinion 9/2018 on the draft list of the competent supervisory authority of France regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  21. Opinion 8/2018 on the draft list of the competent supervisory authority of Finland regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  22. Opinion 7/2018 on the draft list of the competent supervisory authority of Greece regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  23. Opinion 6/2018 on the draft list of the competent supervisory authority of Estonia regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  24. Opinion 5/2018 on the draft list of the competent supervisory authorities of Germany regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  25. Opinion 4/2018 on the draft list of the competent supervisory authority of Czech Republic regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  26. Opinion 3/2018 on the draft list of the competent supervisory authority of Bulgaria regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  27. Opinion 2/2018 on the draft list of the competent supervisory authority of Belgium regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  28. Opinion 1/2018 on the draft list of the competent supervisory authority of Austria regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018.

Stay tuned!