GDPR
Image by DreamPixer from Pixabay

Elenco dei principali documenti adottati e pubblicati dal comitato europeo per la protezione dei dati

Fonte: sito web del Comitato europeo per la protezione dei dati (EDPB).

Abbiamo raccolto i principali riferimenti della produzione documentale dell’EDPB così come pubblicati sul loro sito istituzionale.

Il nostro obiettivo è quello di proporre una risorsa che offra una panoramica sui principali provvedimenti emessi dall’EDPB per agevolare i professionisti della privacy e le persone che si occupano di protezione dei dati e privacy nelle attività di lavoro e di studio.

La pagina è comunque in continuo aggiornamento.

Restate sintonizzati!

Dopo la tabella delle Linee guida (Guidelines), potete trovare tutti i documenti chiave adottati e pubblicati dall’EDPB, ordinati per anno.

Ultimi documenti pubblicati (aggiornamento al 17/11/2022) - Raccomandazioni (Recommendations) 2022:


Nella tabella, le date in grassetto si riferiscono alle ultime Linee guida (Guidelines) pubblicate.


Tabella delle Linee guida (Guidelines) EDPB ordinate per anno


YearG. Nr.TopicAdoptedversionGDPR
2022Guidelines 9/2022on personal data breach notification under GDPR10/10/20221.0-PCR87-4(12)-32-33-34
2022Guidelines 8/2022on identifying a controller or processor’s lead supervisory authority10/10/20221.0-PCR36-4(16)-4(23)-56
2022Guidelines 07/2022on certification as a tool for transfers14/6/20221.046(2)(f)
2022Guidelines 06/2022on the practical implementation of amicable settlements12/5/20222.0R131
2022Guidelines 05/2022on the use of facial recognition technology in the area of law enforcement12/5/20221.0-PC60
2022Guidelines 04/2022on the calculation of administrative fines under the GDPR12/5/20221.0-PC83
2022Guidelines 3/2022on Dark patterns in social media platform interfaces: How to recognise and avoid them14/3/2022PC
2022Guidelines 02/2022on the application of Article 60 GDPR14/3/20221.060
2022Guidelines 01/2022on data subject rights - Right of access18/1/2022PC15/22
2021Guidelines 05/2021on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR18/11/20213-44/50
2021Guidelines 04/2021on codes of conduct as tools for transfers22/2/20222.0
2021Guidelines 03/2021on the application of Article 65(1)(a) GDPR13/4/202165(1)(a)
2021Guidelines 02/2021on Virtual Voice Assistants7/7/20212.0
2021Guidelines 01/2021Examples regarding Data Breach Notification14/12/20212.04-33-34
2020Guidelines 10/2020on restrictions under Article 23 GDPR13/10/20212.023
2020Guidelines 09/2020on relevant and reasoned objection under Regulation 2016/6799/3/20212.04-60-65
2020Guidelines 08/2020on the targeting of social media users2/9/20201.0
2020Guidelines 07/2020the concepts of controller and processor in the GDPR2/9/20201.04-24-28-29
2020Guidelines 06/2020on the interplay of the Second Payment Services Directive and the GDPR15/12/20202.0
2020Guidelines 05/2020on consent under Regulation 2016/6794/5/20201.04-6-7-8
2020Guidelines 04/2020on the use of location data and contact tracing tools in the context of the COVID-19 outbreak21/4/2020
2020Guidelines 03/2020on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak21/4/2020
2020Guidelines 02/2020on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies15/12/20202.046
2020Guidelines 01/2020on processing personal data in the context of connected vehicles and mobility related applications28/1/20201.0
2019Guidelines 05/2019on the criteria of the Right to be Forgotten in the search engines cases under the GDPR (part 1)7/7/20202.017
2019Guidelines 04/2019on Article 25 Data Protection by Design and by Default20/10/20202.025
2019Guidelines 03/2019on processing of personal data through video devices29/1/20202.0
2019Guidelines 02/2019on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects8/10/20192.06
2019Guidelines 01/2019on Codes of Conduct and Monitoring Bodies under Regulation 2016/6794/6/20192.040-41
2018Guidelines 04/2018on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679)4/6/20193.043
2018Guidelines 03/2018on the territorial scope of the GDPR (Article 3)16/11/20183
2018Guidelines 02/2018on derogations of Article 49 under Regulation 2016/67925/5/201849
2018Guidelines 01/2018on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/67925/5/201842-43



Linee guida (Guidelines)


2022


  1. Guidelines 9/2022 on personal data breach notification under GDPR - Adopted on 10/10/2022 (v. 1.0) - Pub. 18/10/2022 - PC (comments by 29th November 2022 at the latest);
  2. Guidelines 8/2022 on identifying a controller or processor’s lead supervisory authority - Adopted on 10/10/2022 (v. 1.0) - Pub. 21/10/2022 - PC (comments by 2nd December 2022 at the latest);
  3. Guidelines 07/2022 on certification as a tool for transfers - Adopted on 14/6/2022 (v. 1.0) - Pub. 30/06/2022 - PC (comments by 30th September 2022 at the latest);
  4. Guidelines 06/2022 on the practical implementation of amicable settlements - Adopted on 12/5/2022 (v. 2.0);
  5. Guidelines 5/2022 on the use of facial recognition technology in the area of law enforcement - Adopted on 12/5/2022 - PC (comments by June 27th 2022);
  6. Guidelines 4/2022 on the calculation of administrative fines under the GDPR - Adopted on 12/5/2022 - PC (comments by June 27th 2022);
  7. Guidelines 3/2022 on Dark patterns in social media platform interfaces: How to recognise and avoid them - Adopted on 14/3/2022 - PC (comments by May 2nd 2022);
  8. Guidelines 02/2022 on the application of Article 60 GDPR - Adopted on 14/03/2022 (v.1.0);
  9. Guidelines 01/2022 on data subject rights - Right of access - Adopted on 18/1/2022 - PC (comments by March 11th 2022);

2021


  1. Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR - Adopted on 18/11/2021 - PC (19/11/2021 - 31/1/2021);
  2. Guidelines 04/2021 on codes of conduct as tools for transfers - Adopted on 22/02/2022 (v.2.0);
  3. Guidelines 03/2021 on the application of Article 65(1)(a) GDPR - Adopted on 13/4/2021 - PC (16/4/2021 - 28/5/2021);
  4. Guidelines 02/2021 on virtual voice assistants - Adopted on 7/7/2021 (v.2.0);
  5. Guidelines 01/2021 on Examples regarding Data Breach Notification - Adopted on 14/12/2021 (v.2.0);

2020


  1. Guidelines 10/2020 on restrictions under Article 23 GDPR - Adopted on 13/10/2021 (v.2.0);
  2. Guidelines 09/2020 on relevant and reasoned objection under Regulation 2016/679 - Adopted on 9/3/2021 (v.2.0);
  3. Guidelines 8/2020 on the targeting of social media users - Adopted on 13/4/2021 (v.2.0);
  4. Guidelines 07/2020 on the concepts of controller and processor in the GDPR - Adopted on 7/7/2021 (v.2.0);
  5. Guidelines 06/2020 on the interplay of the Second Payment Services Directive and the GDPR - Adopted on 15/12/2020 (v.2);
  6. Guidelines 05/2020 on consent under Regulation 2016/679 - Adopted on 4/5/2020 (v.1.0);
  7. Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak - Adopted on 21/4/2020;
  8. Guidelines 03/2020 on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak - Adopted on 21/4/2020
  9. Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies Adopted on 15/12/2020 (v.2);
  10. Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications - Adopted on 28/1/2020 (v.1) - PC (7/2/2020 - 4/5/2020).

2019


  1. Guidelines 5/2019 on the criteria of the Right to be Forgotten in the search engines cases under the GDPR (part 1) - Adopted on 7/7/2020 (v.2.0);
  2. Guidelines 4/2019 on Article 25 Data Protection by Design and by Default - Adopted on 20/10/2020 (v.2.0);
  3. Guidelines 3/2019 on processing of personal data through video devices - Adopted on 29/1/2020 (v.2.0);
  4. Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects - Adopted on 8/10/2019 (v.2.0);
  5. Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679 - Adopted on 4/6/2019 (v.2.0).

2018


  1. Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679) - Annex 1 - Adopted on 4/12/2018 - PC (14/12/2018 - 1/2/2019).
  2. Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) - Adopted on 16/11/2018 - PC (23/11/2018 - 18/1/2019);
  3. Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679 - Adopted on 25/5/2018;
  4. Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679 - Adopted on 25/5/2018 - PC (30/5/2018 - 12/7/2018).



Decisioni


2022


  1. Decision 01/2022 on the dispute arisen on the draft decision of the French Supervisory Authority regarding Accor SA under Article 65(1)(a) GDPR - Adottata il 15/6/2022



Raccomandazioni


2022

  1. Recommendations 1/2022 on the Application for Approval and on the elements and principles to be found in Controller Binding Corporate Rules (Art. 47 GDPR) - Adopted on 14/11/2022

2021


  1. Recommendations 02/2021 on the legal basis for the storage of credit card data for the sole purpose of facilitating further online transactions - Adopted on 19/5/2021;
  2. Recommendations 01/2021 on the adequacy referential under the Law Enforcement Directive - Adopted on 2/2/2021.

2020


  1. Recommendations 02/2020 on the European Essential Guarantees for surveillance measures - Adopted on 10/11/2020;
  2. Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data - Adopted on 18/6/2021 (v.2.0);
  3. Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data - Adopted on 10/11/2020 - PC (11/11/202 - 21/12/2020).

2019


  1. Recommendation 01/2019 on the draft list of the European Data Protection Supervisor regarding the processing operations subject to the requirement of a data protection impact assessment (Article 39.4 of Regulation (EU) 2018/1725) - Adopted on 10/7/2019.



Best Practice


Nessun documento.




Pareri (Opinions)


2022


Pareri congiunti EDPB-EDPS (EDPB-EDPS Joint Opinions)

  1. EDPB-EDPS Joint Opinion 04/2022 on the Proposal for a Regulation of the European Parliament and of the Council laying down rules to prevent and combat child sexual abuse - Adopted on 28/7/2022;
  2. EDPB-EDPS Joint Opinion 03/2022 on the Proposal for a Regulation on the European Health Data Space - Adopted on 12/7/2022;
  3. EDPB-EDPS Joint Opinion 2/2022 on the Proposal of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act) - Adopted on 4/5/2022;
  4. EDPB-EDPS Joint Opinion 1/2022 on the extension of Covid-19 certificate Regulation - Adopted on 14/3/2022

Pareri EDPB (EDPB Opinions)

  1. Opinion 28/2022 on the Europrivacy criteria of certification regarding their approval by the Board as European Data Protection Seal pursuant to Article 42.5 (GDPR) - Adopted on 10/10/2022;
  2. Opinion 27/2022 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of LEYTON Group - Adopted on 7/10/2022;
  3. Opinion 26/2022 on the draft decision of the Data Protection Authority of Bavaria for the Private Sector regarding the Controller Binding Corporate Rules of the Munich Re Reinsurance Group - Adopted on 30/9/2022;
  4. Opinion 25/2022 regarding the European Privacy Seal (EuroPriSe ) certification criteria for the certification of processing operations by processors - Adopted on 13/9/2022;
  5. Opinion 24/2022 on the draft decision of the Swedish Supervisory Authority regarding the Processor Binding Corporate Rules of the Samres Group - Adopted on 7/9/2022;
  6. Opinion 23/2022 on the draft decision of the Swedish Supervisory Authority regarding the Controller Binding Corporate Rules of the Samres Group - Adopted on 7/9/2022;
  7. Opinion 22/2022 on the draft decision of the Liechtenstein Supervisory Authority regarding the Controller Binding Corporate Rules of Hilti Group - Adopted on 7/9/2022;
  8. Opinion 21/2022 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of the Ellucian Group - Adopted on 26/8/2022;
  9. Opinion 20/2022 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of the Ellucian Group - Adopted on 26/8/2022;
  10. Opinion 19/2022 on the draft decision of the Baden- Württemberg (Germany) Supervisory Authority regarding the Controller Binding Corporate Rules of the Mercedes- Benz Group - Adopted on 26/8/2022;
  11. Opinion 18/2022 on the draft decision of the Baden- Württemberg (Germany) Supervisory Authority regarding the Controller Binding Corporate Rules of the Daimler Truck Group - Adopted on 26/8/2022;
  12. Opinion 17/2022 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the ANTOLIN Group - Adopted on 1/8/2022;
  13. Opinion 16/2022 on the draft decision of the competent supervisory authority of Slovenia regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 4/7/2022;
  14. Opinion 15/2022 on the draft decision of the competent supervisory authority of Luxembourg regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 4/7/2022;
  15. Opinion 14/2022 on the draft decision of the competent supervisory authority of Bulgaria regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 4/7/2022;
  16. Opinion 13/2022 on the draft decision of the competent supervisory authority of Bulgaria regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 4/7/2022;
  17. Opinion 12/2022 on the draft decision of the competent supervisory authority of France regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 4/7/2022;
  18. Opinion 11/2022 on the draft decision of the competent supervisory authority of Poland regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 4/7/2022;
  19. Opinion 09/2022 on the draft decision of the Danish Supervisory Authority regarding the Processor Binding Corporate Rules of Bioclinica Group - Adopted on 4/5/2022;
  20. Opinion 08/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Bioclinica Group - Adopted on 4/5/2022;
  21. Opinion 07/2022 on the draft decision of the Hungarian Supervisory Authority regarding the Controller Binding Corporate Rules of MOL Group - Adopted on 19/4/2022;
  22. Opinion 06/2022 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of Groupon International Limited - Adopted on 19/4/2022;
  23. Opinion 05/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Lundbeck Group - Adopted on 19/4/2022;
  24. Opinion 04/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Norican Group - Adopted on 18/3/2022;
  25. Opinion 03/2022 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the WEBHELP Group - Adopted on 7/2/2022;
  26. Opinion 02/2022 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the WEBHELP Group - Adopted on 7/2/2022;
  27. Opinion 1/2022 on the draft decision of the Luxembourg Supervisory Authority regarding the GDPR – CARPA certification criteria - Adopted on 1/2/2022;

2021


Pareri congiunti EDPB-EDPS (EDPB-EDPS Joint Opinions)

  1. EDPB-EDPS Joint Opinion 5/2021 on the proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) - Adopted on 18/6/2021;
  2. EDPB-EDPS Joint Opinion 04/2021 on the Proposal for a Regulation of the European Parliament and of the Council on a framework for the issuance, verification and acceptance of interoperable certificates on vaccination, testing and recovery - Adopted on 8/4/2021 (v.1.1);
  3. EDPB-EDPS Joint Opinion 03/2021 on the Proposal for a regulation of the European Parliament and of the Council on European data governance (Data Governance Act) - Adopted on 9/6/2021 (v.1.1);
  4. EDPB-EDPS Joint Opinion 2/2021 on standard contractual clauses for the transfer of personal data to third countries - Adopted on 14/1/2021;
  5. EDPB-EDPS Joint Opinion 1/2021 on standard contractual clauses between controllers and processors - Adopted on 14/1/2021;

Pareri EDPB (EDPB Opinions)

  1. Opinion 39/2021 on whether Article 58(2)(g) GDPR could serve as a legal basis for a supervisory authority to order ex officio the erasure of personal data, in a situation where such request was not submitted by the data subject - Adopted on 14/12/2021;
  2. Opinion 38/2021 on the draft decision of the competent supervisory authority of Latvia regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 20/11/2021;
  3. Opinion 37/2021 on the draft decision of the competent supervisory authority of Malta regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 30/11/2021;
  4. Opinion 36/2021 on the draft decision of the competent supervisory authority of Norway regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 30/11/2021;
  5. Opinion 35/2021 on the draft decision of the competent supervisory authority of Belgium regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 30/11/2021;
  6. Opinion 34/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of Otis - Adopted on 26/10/2021;
  7. Opinion 33/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of Carrier - Adopted on 26/10/2021;
  8. Opinion 32/2021 regarding the European Commission Draft Implementing Decision pursuant to Regulation (EU) 2016/679 on the adequate protection of personal data in the Republic of Korea - Adopted on 24/9/2021;
  9. Opinion 31/2021 on the draft decision of the Spanish Supervisory Authority regarding the Processor Binding Corporate Rules of the COLT Group - Adopted on 2/8/2021;
  10. Opinion 30/2021 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the COLT Group - Adopted on 2/8/2021;
  11. Opinion 29/2021 on the draft decision of the Belgian Supervisory Authority regarding the Processor Binding Corporate Rules of Oregon Tool, Inc (Formerly “Blount”) - Adopted on 2/8/2021;
  12. Opinion 28/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of Oregon Tool, Inc (formerly “Blount”) - Adopted on 2/8/2021;
  13. Opinion 27/2021 on the draft decision of the Supervisory Authority of North Rhine-Westphalia (Germany) regarding the Processor Binding Corporate Rules of the Internet Initiative Japan Group - Adopted on 2/8/2021;
  14. Opinion 26/2021 on the draft decision of the Supervisory Authority of North Rhine-Westphalia (Germany) regarding the Controller Binding Corporate Rules of the Internet Initiative Japan Group - Adopted on 2/8/2021;
  15. Opinion 25/2021 on the draft decision of the competent supervisory authority of Lithuania regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 20/7/2021;
  16. Opinion 24/2021 on the draft decision of the competent supervisory authority of Slovakia regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 20/7/2021;
  17. Opinion 23/2021 on the draft decision of the competent supervisory authority of Czech Republic regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 20/7/2021;
  18. Opinion 22/2021 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the CGI Group - Adopted on 1/7/2021;
  19. Opinion 21/2021 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the CGI Group - Adopted on 1/7/2021;
  20. Opinion 20/2021 on Tobacco Traceability System - Adopted on 18/6/2021;
  21. Opinion 19/2021 on the draft decision of the competent supervisory authority of Hungary regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 1/6/2021;
  22. Opinion 18/2021 on the draft Standard Contractual Clauses submitted by the LT SA (Article 28(8) GDPR) - Adopted on 19/5/2021;
  23. Opinion 17/2021 on the draft decision of the French Supervisory Authority regarding the European code of conduct submitted by the Cloud Infrastructure Service Providers (CISPE) - Adopted on 19/5/2021;
  24. Opinion 16/2021 on the draft decision of the Belgian Supervisory Authority regarding the “EU Data Protection Code of Conduct for Cloud Service Providers” submitted by Scope Europe - Adopted on 19/5/2021;
  25. Opinion 15/2021 regarding the European Commission Draft Implementing Decision pursuant to Directive (EU) 2016/680 on the adequate protection of personal data in the United Kingdom - Adopted on 13/4/2021;
  26. Opinion 14/2021 regarding the European Commission Draft Implementing Decision pursuant to Regulation (EU) 2016/679 on the adequate protection of personal data in the United Kingdom - Adopted on 13/4/2021;
  27. Opinion 13/2021 on the draft decision of the competent supervisory authority of Romania regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 23/3/2021;
  28. Opinion 12/2021 on the draft decision of the competent supervisory authority of Portugal regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 23/3/2021;
  29. Opinion 11/2021 on the draft decision of the competent supervisory authority of Norway regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 23/3/2021;
  30. Opinion 10/2021 on the draft decision of the competent supervisory authority of Hungary regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 23/3/2021;
  31. Opinion 09/2021 on the draft decision of the Baden- Wurttemberg Supervisory Authority regarding the Controller Binding Corporate Rules of Luxoft Group - Adopted on 16/2/2021;
  32. Opinion 08/2021 on the draft decision of the Baden- Wurttemberg Supervisory Authority regarding the Processor Binding Corporate Rules of Luxoft Group - Adopted on 16/2/2021;
  33. Opinion 07/2021 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of Kumon Group - Adopted on 16/2/2021;
  34. Opinion 06/2021 on the draft decision of the Spanish Supervisory Authority regarding the Processor Binding Corporate Rules of Kumon Group - Adopted on 16/2/2021;
  35. Opinion 05/2021 on the draft Administrative Arrangement for the transfer of personal data between the Haut Conseil du Commissariat aux Comptes (H3C) and the Public Company Accounting Oversight Board (PCAOB) - Adopted on 2/2/2021;
  36. Opinion 04/2021 on the draft decision of the Belgian Supervisory Authority regarding the Processor Binding Corporate Rules of BDO - Adopted on 22/1/2021;
  37. Opinion 03/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of BDO - Adopted on 22/1/2021;
  38. Opinion 02/2021 on the draft decision of the Swedish Supervisory Authority regarding the Controller Binding Corporate Rules of Elanders Group - Adopted on 22/1/2021;
  39. Opinion 01/2021 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Saxo Bank Group - Adopted on 22/1/2021.

2020


Pareri EDPB (EDPB Opinions)

  1. Opinion 32/2020 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of Equinix - Adopted on 15/12/2020;
  2. Opinion 31/2020 on the draft decision of the competent supervisory authority of Poland regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 7/12/2020;
  3. Opinion 30/2020 on the draft decision of the competent supervisory authority of Austria regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 7/12/2020;
  4. Opinion 29/2020 on the draft decision of the Lower Saxony Supervisory Authority regarding the Controller Binding Corporate Rules of Novelis Group - Adopted on 8/12/2020;
  5. Opinion 28/2020 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of Iberdrola Group - Adopted on 8/12/2020;
  6. Opinion 27/2020 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Coloplast Group - Adopted on 8/12/2020;
  7. Opinion 26/2020 on the draft decision of the competent supervisory authority of Denmark regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 7/12/2020;
  8. Opinion 25/2020 on the draft decision of the Swedish Supervisory Authority regarding the Controller Binding Corporate Rules of Tetra Pak - Adopted on 31/7/2020;
  9. Opinion 24/2020 on the draft decision of the Norwegian Supervisory Authority regarding the Controller Binding Corporate Rules of Jotun - Adopted on 31/7/2020;
  10. Opinion 23/2020 on the draft decision of the competent supervisory authority of Italy regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 23/7/2020;
  11. Opinion 22/2020 on the draft decision of the competent supervisory authority of Greece regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 23/7/2020;
  12. Opinion 21/2020 on the draft decision of the competent supervisory authority of the Netherlands regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 23/7/2020;
  13. Opinion 20/2020 on the draft decision of the competent supervisory authority of Greece regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 23/7/2020;
  14. Opinion 19/2020 on the draft decision of the competent supervisory authority of Denmark regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 23/7/2020;
  15. Opinion 18/2020 on the draft decision of the competent supervisory authority of the Netherlands regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 23/7/2020;
  16. Opinion 17/2020 on the draft Standard Contractual Clauses submitted by the SI SA (Article 28(8) GDPR) - Adopted on 19/5/2020;
  17. Opinion 16/2020 on the draft decision of the competent supervisory authority of the Czech Republic regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 25/5/2020;
  18. Opinion 15/2020 on the draft decision of the competent supervisory authorities of Germany regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 25/5/2020;
  19. Opinion 14/2020 on the draft decision of the competent supervisory authority of Ireland regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 25/5/2020;
  20. Opinion 13/2020 on the draft decision of the competent supervisory authority of Italy regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 25/5/2020;
  21. Opinion 12/2020 on the draft decision of the competent supervisory authority of Finland regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 25/5/2020;
  22. Opinion 11/2020 on the draft decision of the competent supervisory authority of Ireland regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 25/5/2020;
  23. Opinion 10/2020 on the draft decision of the competent supervisory authorities of Germany regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 25/5/2020;
  24. Opinion 9/2020 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of Reinsurance Group of America Adopted on 14/4/2020;
  25. Opinion 8/2020 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of Reinsurance Group of America - Adopted on 14/4/2020;
  26. Opinion 7/2020 on the draft list of the competent supervisory authority of France regarding the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR) - Adopted on 22/4/2020;
  27. Opinion 6/2020 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of Fujikura Automotive Europe Group (FAE Group) - Adopted on 29/1/2020;
  28. Opinion 5/2020 on the draft decision of the competent supervisory authority of Luxembourg regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 GDPR - Adopted on 29/1/2020;
  29. Opinion 4/2020 on the draft decision of the competent supervisory authority of the United Kingdom regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 GDPR - Adopted on 29/1/2020;
  30. Opinion 3/2020 on the France data protection supervisory authority draft accreditation requirements for a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 28/1/2020;
  31. Opinion 2/2020 on the Belgium data protection supervisory authority draft accreditation requirements for a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 28/1/2020;
  32. 33.Opinion 1/2020 on the Spanish data protection supervisory authority draft accreditation requirements for a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 28/1/2020;

2019


Pareri congiunti EDPB-EDPS (EDPB-EDPS Joint Opinions)

  1. EDPB-EDPS Joint Opinion 1/2019 on the processing of patients’ data and the role of the European Commission within the eHealth Digital Service Infrastructure (eHDSI) - Adopted on 12/7/2019;

Pareri EDPB (EDPB Opinions)

  1. Opinion 16/2019 on the draft decision of the Belgian Supervisory Authority regarding the Binding Corporate Rules of ExxonMobil Corporation - Adopted on 12/11/2019.
  2. Opinion 15/2019 on the draft decision of the competent supervisory authority of the United Kingdom regarding the Binding Corporate Rules of Equinix Inc. - Adopted on 8/10/2019;
  3. Opinion 14/2019 on the draft Standard Contractual Clauses submitted by the DK SA (Article 28(8) GDPR) - Adopted on 9/7/2019;
  4. Opinion 13/2019 on the draft list of the competent supervisory authority of France regarding the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR) - Adopted on 10/7/2019;
  5. Opinion 12/2019 on the draft list of the competent supervisory authority of Spain regarding the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR) - Adopted on 10/7/2019;
  6. Opinion 11/2019 on the draft list of the competent supervisory authority of the Czech Republic regarding the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR) - Adopted on 10/7/2019;
  7. Opinion 10/2019 on the draft list of the competent supervisory authority of Cyprus regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35(4) GDPR) - Adopted on 9/7/2019;
  8. Opinion 9/2019 on the Austrian data protection supervisory authority draft accreditation requirements for a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 9/7/2019;
  9. Opinion 8/2019 on the competence of a supervisory authority in case of a change in circumstances relating to the main or single establishment - Adopted on 9/7/2019;
  10. Opinion 7/2019 on the draft list of the competent supervisory authority of Iceland regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 12/3/2019;
  11. Opinion 6/2019 on the draft list of the competent supervisory authority of Spain regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 12/3/2019;
  12. Opinion 5/2019 on the interplay between the ePrivacy Directive and the GDPR, in particular regarding the competence, tasks and powers of data protection authorities - Adopted on 12/3/2019;
  13. Opinion 4/2019 on the draft AA between EEA and non-EEA Financial Supervisory Authorities - Adopted on 12/2/2019;
  14. Opinion 3/2019 concerning the Questions and Answers on the interplay between the Clinical Trials Regulation (CTR) and the General Data Protection regulation (GDPR) - Adopted on 23/1/2019;
  15. Opinion 2/2019 on the draft list of the competent supervisory authority of Norway regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 23/1/2019;
  16. Opinion 01/2019 on the draft list of the competent supervisory authority of the Principality of Liechtenstein regarding the processing operations subject to the requirement of a data protection impact assessment (Article 17.4 GDPR) - Adopted on 23/1/2019.

2018


Pareri EDPB (EDPB Opinions)

  1. Opinion 28/2018 regarding the European Commission Draft Implementing Decision on the adequate protection of personal data in Japan - Adopted on 5/12/2018;
  2. Opinion 27/2018 on the draft list of the competent supervisory authority of Slovenia regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 4/12/2018;
  3. Opinion 26/2018 on the draft list of the competent supervisory authority of Luxembourg regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 4/12/2018;
  4. Opinion 25/2018 on the draft list of the competent supervisory authority of Croatia regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 4/12/2018;
  5. Opinion 24/2018 on the draft list of the competent supervisory authority of Denmark regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 4/12/2018;
  6. Opinion 23/2018 on Commission proposals on European Production and Preservation Orders for electronic evidence in criminal matters (Art. 70.1.b) - Adopted on 23/9/2018;
  7. Opinion 22/2018 on the draft list of the competent supervisory authority of the United Kingdom regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  8. Opinion 21/2018 on the draft list of the competent supervisory authority of Slovakia regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  9. Opinion 20/2018 on the draft list of the competent supervisory authority of Sweden regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  10. Opinion 19/2018 on the draft list of the competent supervisory authority of Romania regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  11. Opinion 18/2018 on the draft list of the competent supervisory authority of Portugal regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  12. Opinion 17/2018 on the draft list of the competent supervisory authority of Poland regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  13. Opinion 16/2018 on the draft list of the competent supervisory authority of the Netherlands regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  14. Opinion 15/2018 on the draft list of the competent supervisory authority of Malta regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  15. Opinion 14/2018 on the draft list of the competent supervisory authority of Latvia regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  16. Opinion 13/2018 on the draft list of the competent supervisory authority of Lithuania regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  17. Opinion 12/2018 on the draft list of the competent supervisory authority of Italy regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  18. Opinion 11/2018 on the draft list of the competent supervisory authority of Ireland regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  19. Opinion 10/2018 on the draft list of the competent supervisory authority of Hungary regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  20. Opinion 9/2018 on the draft list of the competent supervisory authority of France regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  21. Opinion 8/2018 on the draft list of the competent supervisory authority of Finland regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  22. Opinion 7/2018 on the draft list of the competent supervisory authority of Greece regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  23. Opinion 6/2018 on the draft list of the competent supervisory authority of Estonia regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  24. Opinion 5/2018 on the draft list of the competent supervisory authorities of Germany regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  25. Opinion 4/2018 on the draft list of the competent supervisory authority of Czech Republic regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  26. Opinion 3/2018 on the draft list of the competent supervisory authority of Bulgaria regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  27. Opinion 2/2018 on the draft list of the competent supervisory authority of Belgium regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  28. Opinion 1/2018 on the draft list of the competent supervisory authority of Austria regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018.



Endorsed WP29 Guidelines


  1. Endorsement of GDPR WP29 guidelines by the EDPB
  2. Guidelines 05/2020 on consent under Regulation 2016/679 - Adopted on 4/5/2020
  3. Guidelines on Transparency under Regulation 2016/679 (wp260rev.01) - Adopted on 29 November 2017 - As last Revised and Adopted on 11 April 2018
  4. Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 (wp251rev.01) - Adopted on 3 October 2017 - As last Revised and Adopted on 6 February 2018
  5. Guidelines on Personal data breach notification under Regulation 2016/679 (wp250rev.01) - Adopted on 3 October 2017 - As last Revised and Adopted on 6 February 2018
  6. Guidelines on the right to “data portability” (wp242rev.01) - Adopted on 13 December 2016 - As last Revised and adopted on 5 April 2017
  7. Guidelines on Data Protection Impact Assessment (DPIA) (wp248rev.01) - Adopted on 4 April 2017 - As last Revised and Adopted on 4 October 2017
  8. Guidelines on Data Protection Officers (‘DPOs’) (wp243rev.01) - Adopted on 13 December 2016 - As last Revised and Adopted on 5 April 2017
  9. Guidelines on the Lead Supervisory Authority (wp244rev.01) - Adopted on 13 December 2016 - As last Revised and Adopted on 5 April 2017
  10. Position Paper related to article 30(5)
  11. Working Document on the approval procedure of the Binding Corporate Rules for controllers and processors (wp263rev.01) - Adopted on 11 April 2018
  12. Recommendation on the Standard Application form for Approval of Controller Binding Corporate Rules for the Transfer of Personal Data - Adopted on 11 April 2018
  13. Recommendation on the approval of the Processor Binding Corporate Rules form (wp265) - Adopted on 11 April 2018
  14. Working Document on Binding Corporate Rules for Controllers (wp256rev.01) - Adopted on 28 November 2017 - As last Revised and Adopted on 6 February 2018
  15. Working Document on Binding Corporate Rules for Processors (wp257rev.01) - Adopted on 28 November 2017 - As last Revised and Adopted on 6 February 2018
  16. Working document on Adequacy Referential (wp254rev.01) - Adopted on 28 November 2017 - As last Revised and Adopted on 6 February 2018
  17. Guidelines on the application and setting of administrative fines (wp253). Now including available language versions. - Adopted on 3 October 2017


Stay tuned!