Official guidance documents, best practices, and recommendations
EDPB
Opinion 33/2025 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of the CSG Group
EDPB
Opinion 34/2025 on the draft decision of the Greek Supervisory Authority regarding C.E.C.L certification criteria
EDPB
Opinion 32/2025 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of the CSG Group
EDPB
BCRs & CertificeringOpinion 29/2025 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the Illumina Group
EDPB
Altijd willen weten hoe het bij de vergadering van de EDPB aan toe (zou moeten gaan/)gaat, zonder daadwerkelijk erbij te zijn. Zie dit document.
EDPB
Opinion 31/2025 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the Arcadis Group
EDPB
Recommendations 2/2025 onthe legal basis for requiring the creation of user accounts on e-commerce websites
EDPB
Opinion 27/2025 regarding the European Commission Draft Implementing Decision pursuant to Directive (EU) 2016/680 on the adequate protection of personal data by the United Kingdom
EDPB
Internal EDPB Document 3/2019 on internal guidance on Article 64(2) GDPR - version 2
EDPB
Opinion 30/2025 on the draft decision of the Dutch Supervisory Authority regarding the Processor Binding Corporate Rules of the Illumina Group
guidelines recht op inzage
Het recht van inzage van betrokkenen is vastgelegd in artikel 8 van het Handvest van de grondrechten van de Europese Unie. Het maakt al sinds het begin deel uit van het Europese wettelijke kader voor gegevensbescherming en wordt nu verder ontwikkeld met specifiekere, preciezere regels in artikel 15 AVG.
Guidelines on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR
The GDPR does not provide for a legal definition of the notion 'transfer of personal data to a third country or to an international organisation'. Therefore, the EDPB provides these guidelines to clarify the scenarios to which it considers that the requirements of Chapter V should be applied and, to that end, it has identified three cumulative criteria to qualify a processing operation as a transfer: - 1) A controller or a processor ('exporter') is subject to the GDPR for the given processing. -...
guidelines certificering
Op grond van artikel 46 van de algemene verordening gegevensbescherming (AVG) moeten gegevensexporteurs passende waarborgen bieden voor de doorgifte van persoonsgegevens aan derde landen of internationale organisaties. Daarom worden in de AVG de verschillende passende waarborgen aangegeven die gegevensexporteurs overeenkomstig artikel 46 kunnen gebruiken als kader voor de doorgifte aan derde landen, onder meer door certificering in te voeren als nieuw doorgiftemechanisme (artikel 42, lid 2, en a...
Guidelines on the accreditation of certification bodies
Guidelines on the calculation of administrative fines under the GDPR
The European Data Protection Board (EDPB) has adopted these guidelines to harmonise the methodology supervisory authorities use when calculating of the amount of the fine. These Guidelines complement the previously adopted Guidelines on the application and setting of administrative fines for the purpose of the Regulation 2016/679 (WP253), which focus on the circumstances in which to impose a fine. The calculation of the amount of the fine is at the discretion of the supervisory authority, ...
Guidelines on consent
van de tekst in de afbeeldingen in de bijlage
Guidelines on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies
Guidelines on relevant and reasoned objection under Regulation 2016/679
guidelines afwijkingen van artikel 49
Guidelines on the application of Article 60 GDPR
With the introduction of the GDPR, the concept of the one-stop shop was established as one of the main innovations. In cross-border processing cases, the supervisory authority in the Member State of the controller's or processor's main establishment is the authority leading the enforcement of the GDPR for the respective cross-border processing activities, in cooperation with all the authorities which may face the effects of the processing activities at stake: be it through the establishments ...
Guidelines on processing of personal data through video devices
Guidelines on transparency
binding corporate rules voor verwerkingsverantwoordelijken
guidelines accreditatie
guidelines uitvoeren overeenkomst
Guidelines on the use of facial recognition technology in the area of law enforcement
More and more law enforcement authorities (LEAs) apply or intend to apply facial recognition technology (FRT). It may be used to authenticate or to identify a person and can be applied on videos (e.g. CCTV) or photographs. It may be used for various purposes, including to search for persons in police watch lists or to monitor a person's movements in the public space. FRT is built on the processing of biometric data , therefore, it encompasses the processing of special categories ...
guidelines gedragscodes en toezichthoudende organen
guidelines cameratoezicht
guidelines meldplicht datalekken
Article 48 GDPR provides that: ' Any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal data may only be recognised or enforceable in any manner if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or a Member State, without prejudice to other grounds for transfer...
Guidelines on restrictions under Article 23 GDPR
Guidelines on personal data breach notification under GDPR
guidelines voor de toepassing van artikel 60 AVG
guidelines toestemming
Guidelines on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects
guidelines targeting gebruikers sociale media
guidelines territoriaal toepassingsgebied AVG
guidelines wisselwerking toepassing artikel 3 en hoofdstuk V AVG
Volgens artikel 46 van de AVG moeten verwerkingsverantwoordelijken/verwerkers passende waarborgen bieden voor de doorgifte van persoonsgegevens aan derde landen of internationale organisaties. Daarom worden in de AVG de verschillende passende waarborgen aangegeven die organisaties op grond van artikel 46 kunnen gebruiken voor doorgiften aan derde landen, onder meer door gedragscodes in te voeren als nieuw doorgiftemechanisme (artikel 40, lid 3, en artikel 46, lid 2, punt ...
guidelines beperkingen rechten van betrokkenen
Guidelines on virtual voice assistants
A virtual voice assistant (VVA) is a service that understands voice commands and executes them or mediates with other IT systems if needed. VVAs are currently available on most smartphones and tablets, traditional computers, and, in the latest years, even standalone devices like smart speakers. VVAs act as interface between users and their computing devices and online services such as search engines or online shops. Due to their role, VVAs have access to a huge amount of personal...
Guidelines on certification and identifying certification criteria
The GDPR requires in its Article 46 that data exporters shall put in place appropriate safeguards for transfers of personal data to third countries or international organisations. To that end, the GDPR diversifies the appropriate safeguards that may be used by data exporters under Article 46 for framing transfers to third countries by introducing, amongst others, certification as a new transfer mechanism (Articles 42 (2) and 46 (2) (f) GDPR). These guidelines provide guidance as to the applicati...
Guidelines on codes of conduct and monitoring bodies
The GDPR requires in its Article 46 that controllers/processors shall put in place appropriate safeguards for transfers of personal data to third countries or international organisations. To that end, the GDPR diversifies the appropriate safeguards that may be used by organisations under Article 46 for framing transfers to third countries by introducing amongst others, codes of conduct as a new transfer mechanism (articles 40-3 and 46-2-e). In this respect, as provi...
Guidelines on processing of personal data through video devices
Guidelines on certification and identifying certification criteria