Tag Archives: European Data Protection Board

EDPB adopts final version of guidelines on the territorial scope of the GDPR

On 12 November 2019, at its 15th plenary meeting, the European Data Protection Board (EDPB) adopted final guidelines on the territorial scope of the General Data Protection Regulation (GDPR) (the guidelines) following public consultation. We have previously considered the draft guidelines on our blog. The first of the two blogs considered the extra-territorial scope of … Continue Reading

EDPB completes guidelines on codes of conduct, certification and accreditation of certification bodies

At its eleventh plenary session on 4 June 2019 in Brussels, the European Data Protection Board (EDPB) adopted final versions of (1) the Guidelines 1/2019 on codes of conduct and monitoring bodies under Regulation 2016/679, (2) annex 2 to the Guidelines on certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679 … Continue Reading

More questions, complaints, and cross-border enforcement – GDPR one year on

The European Data Protection Board (EDPB) has published a survey of European Economic Area (EEA) regulators setting out General Data Protection Regulation (GDPR) enforcement trends. The report makes for interesting reading. It sets out how: the GDPR’s “one stop shop” mechanism has been bedding down; and the number of data subject complaints and data breach … Continue Reading

Is 2019 the year for GDPR certification and codes of conduct?

The UK’s Information Commissioner’s Office (ICO) has published new guidance on certification and codes of conduct for data processing as well as expected timetables for finalising its revised guidelines on these topics. Certification Certification is a voluntary mechanism for organisations to validate their compliance with the General Data Protection Regulation 2016/679 (GDPR). Once the submissions … Continue Reading

EDPB guidelines on processing personal data under GDPR, Article 6(1)(b)

The European Data Protection Board (EDPB) met for its ninth plenary session on 9 and 10 April 2019. The EDPB discussed a number of issues concerning the application of the General Data Protection Regulation 2016/679 (GDPR), outlined in the agenda. One of the key developments was the adoption of draft guidelines by the EDPB on … Continue Reading

EDPB issues guidelines on GDPR certification

The European Data Protection Board (EDPB) has adopted guidelines in relation to the certification mechanism prescribed under the General Data Protection Regulation 2016/679 (GDPR). The EDPB guidelines are aimed at supervisory authorities and certification bodies and provide helpful insight into the requirements and criteria relevant to all types of certification mechanisms issued under articles 42 … Continue Reading

No-deal Brexit: EU regulators issue data transfer guidance

On 12 February 2019, the European Data Protection Board (EDPB) met for its seventh plenary session. You can see our blog on the full session here. At this session, the EDPB adopted two information notes. The information notes offer guidance on data protection issues in the event of a no-deal Brexit, namely: data transfers generally … Continue Reading

Updates from the European Data Protection Board

The European Data Protection Board (EDPB) met for its seventh plenary session on 12 February 2019. The session covered many areas of discussion, outlined in the agenda. The four main areas covered, and highlighted in the EDPB’s press release, were: 1. Work programme: The EDPB adopted a two-year work programme, covering 2019-2020. The work programme … Continue Reading

The interplay between the Clinical Trials Regulation and the GDPR

The European Data Protection Board (EDPB) recently adopted its opinion on the interplay between the Clinical Trials Regulation 536/2014 (CTR) and the General Data Protection Regulation 2016/679 (GDPR) (the opinion). The opinion was given at the request of the European Commission. The CTR seeks to harmonise the rules for conducting clinical trials throughout the European … Continue Reading

Does GDPR require non-EU companies to nominate EU representatives? EDPB issues guidance

On 16 November 2018, the European Data Protection Board (EDPB) adopted draft guidelines on the territorial scope of the General Data Protection Regulation (GDPR) (the guidelines). Last week we published a blog on these guidelines, focusing on when the GDPR applies to non-European Union (EU) controllers and processors. This week, we focus on when non-EU … Continue Reading

EDPB issues much-awaited guidance on GDPR’s territorial scope

On 16 November 2018, the European Data Protection Board (EDPB) adopted draft guidelines on the territorial scope of the General Data Protection Regulation (GDPR) (the guidelines). This is the first of two blogs on the guidelines. This blog considers the extra-territorial scope of the GDPR. Next week, we will consider the need for non-European Union … Continue Reading

Will EU data protection authorities ‘consistency mechanism’ be ready in time for the GDPR?

During an Article 29 Working Party (WP29) press conference on 7 February 2018, the outgoing chair and French privacy chief, Isabelle Falque-Pierrotin, expressed concerns that EU data protection authorities (DPAs) may not be able to enforce the General Data Protection Regulation (GDPR) effectively and in a unified manner in accordance with the consistency mechanism, by … Continue Reading

Draft Data Protection Regulation delayed

At the latest meeting in Brussels, Justice ministers failed to come to a consensus on the “one stop shop mechanism” and the role of the proposed European Data Protection Board (EDPB). The minutes state that while a “majority of ministers endorsed the general architecture of the proposal,” “further technical work is required”. Ahead of the … Continue Reading
LexBlog