On 25 May 2018 the European Data Protection Board (EDPB) formally replaced the Article 29 Working Party as the European advisory committee on data protection issues. In addition to taking over Article 29 Working Party’s responsibilities in issuing guidelines, recommendations and statements of best practice, the EDPB, which operates as an independent body of the European Union with its own separate legal personality, also takes on a far broader set of responsibilities:

  • examining – on its own initiative or on the request of one of its members or the European Commission (Commission) – any question covering the application of the GDPR;
  • advising the Commission on any issue related to data protection in the EU, including on any proposed amendment of the General Data Protection Regulation (GDPR) and any EU legislative proposal;
  • advising the Commission on the format and procedures for the exchange of information in the framework of the Binding Corporate Rules;
  • providing the Commission with an opinion on the assessment of the adequacy of the level of protection in a third country;
  • providing opinions on draft decisions of the supervisory authorities; and
  • issuing binding decisions in certain instances, mostly about dispute resolution among supervisory authorities.

In its first plenary meeting, which took place on 25 May 2018, the EDPB agreed the final version of Guidelines 2/2018 on the derogations under Article 49 GDPR in the context of international data transfers (Article 49 Guidelines), as well as a set of draft Guidelines 1/2018 on certification in accordance with Articles 42 and 43 GDPR (Certification Guidelines).Continue Reading European Data Protection Board replaces Article 29 Working Party