List of the EDPB Guidelines

GuidelinesIssuing entityTypeAdoptedFinalizedRedline between versionsCurrent versionFinalization delays (days)Topic
Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679EDPBGuidelines25/05/201804/06/2019Unavailable375Monitoring
Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679WPGuidelines25/05/2018UnavailableData Transfers
Guidelines for identifying a controller or processor’s lead supervisory authority, WP244 rev.01WPGuidelines25/05/2018UnavailableOne-Stop-Shop
Guidelines on Personal data breach notification under Regulation 2016/679, WP250 rev.01WPGuidelines25/05/2018UnavailableSecurity
Guidelines on the right to data portability under Regulation 2016/679, WP242 rev.01WPGuidelines25/05/2018UnavailableData Subjects’ Rights
Guidelines on Transparency under Regulation 2016/679 (wp260rev.01)WPGuidelines25/05/2018UnavailableTenet
Guidelines 03/2018 on the territorial scope of the GDPR (Article 3)EDPBGuidelines23/11/1812/11/2019Unavailable354Core notions
Guidelines 04/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679)EDPBGuidelines14/12/201804/06/2019Unavailable172Monitoring
Guidelines 01/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679EDPBGuidelines14/02/201904/06/2019Unavailable110Monitoring
Guidelines 02/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjectsEDPBGuidelines12/04/201908/10/2019Unavailable179Core notions
Recommendation 01/2019 on the draft list of the European Data Protection Supervisor regarding the processing operations subject to the requirement of a data protection impact assessment (Article 39.4 of Regulation (EU) 2018/1725)EDPBRecommendation
10/07/2019UnavailableDPIA
Guidelines 03/2019 on processing of personal data through video devicesEDPBGuidelines10/07/201929/02/2020Unavailable234Technology
Guidelines 04/2019 on Article 25 Data Protection by Design and by DefaultEDPBGuidelines20/11/201920/10/2020Unavailable335Core notions
Guidelines 05/2019 on the criteria of the Right to be Forgotten in the search engines cases under the GDPR (part 1)EDPBGuidelines11/12/201907/07/2020Unavailable209Data Subjects’ Rights
Guidelines 01/2020 on processing personal data in the context of connected vehicles and mobility related applicationsEDPBGuidelines28/01/202009/03/2021Unavailable406Technology
Guidelines 02/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodiesEDPBGuidelines24/02/202015/12/2020Unavailable295Data transfers
Guidelines 03/2020 on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreakEDPBGuidelines21/04/2020UnavailableHealth
Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreakEDPBGuidelines21/04/2020UnavailableHealth
Guidelines 05/2020 on consent under Regulation 2016/679EDPBGuidelines04/05/2020UnavailableCore notions
Guidelines 06/2020 on the interplay of the Second Payment Services Directive and the GDPREDPBGuidelines22/07/202015/12/2020Unavailable146Interplay
Guidelines 07/2020 on the concepts of controller and processor in the GDPREDPBGuidelines06/09/202007/07/2021Unavailablev 2.1304Core notions
Guidelines 08/2020 on the targeting of social media usersEDPBGuidelines07/09/202013/04/2021Unavailable218Technology
Guidelines 09/2020 on relevant and reasoned objection under Regulation 2016/679EDPBGuidelines13/10/202009/03/2021Unavailable147Core notions
Recommendations 02/2020 on the European Essential Guarantees for surveillance measuresEDPBRecommendation
10/11/2020UnavailableLaw enforcement
Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal dataEDPBRecommendation
11/11/202018/06/2021Unavailable219Data transfers
Guidelines 10/2020 on restrictions under Article 23 GDPREDPBGuidelines18/12/202013/10/2021Unavailable299Core notions
Guidelines 01/2021 on Examples regarding Data Breach NotificationEDPBGuidelines14/01/202114/12/2022Unavailable699Security
Recommendations 01/2021 on the adequacy referential under the Law Enforcement DirectiveEDPBRecommendation
02/02/2021UnavailableData transfers
Guidelines 02/2021 on Virtual Voice AssistantsEDPBGuidelines09/03/202107/07/2021Unavailable120Technology
Guidelines 03/2021 on the application of Article 65(1)(a) GDPREDPBGuidelines13/04/2021UnavailableCore notions
Recommendations 02/2021 on the legal basis for the storage of credit card data for the sole purpose of facilitating further online transactionsEDPBRecommendation
19/05/2021UnavailableTechnology
Guidelines 04/2021 on codes of conduct as tools for transfersEDPBGuidelines07/07/202122/02/2022Unavailable230Data transfers
Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPREDPBGuidelines18/11/202114/02/2023Unavailablev 2.0453Interplay
Guidelines 01/2022 on data subject rights – Right of accessEDPBGuidelines18/01/202228/03/2023UnavailableData Subjects’ Rights
Guidelines 02/2022 on the application of Article 60 GDPREDPBGuidelines14/03/2022UnavailableCore notions
Guidelines 03/2022 on Dark patterns in social media platform interfaces: How to recognise and avoid themEDPBGuidelines14/03/2022UnavailableTechnology
Guidelines 04/2022 on the calculation of administrative fines under the GDPREDPBGuidelines12/05/2022UnavailableCore notions
Guidelines 05/2022 on the use of facial recognition technology in the area of law enforcementEDPBGuidelines12/05/202226/04/2023Available herev 2.0349Law enforcement
Guidelines 06/2022 on the practical implementation of amicable settlementsEDPBGuidelines18/11/202112/05/2022Unavailable175Core notions
Guidelines 07/2022 on certification as a tool for transfersEDPBGuidelines14/06/2022Unavailable245Data transfers
Guidelines 08/2022 on identifying a controller or processor’s lead supervisory authorityEDPBGuidelines10/10/202228/03/2023Unavailablev 2.0223One Stop Shop