- Limiting Data Subject Rights and the Application of Article 23 of the GDPR
- Anonymisation and pseudonymisation
- Guidance on qualifications for DPOs (GDPR)
- Data Processing Operations that require a Data Protection Impact Assessment
- Data security guidance
Guidance for SMEs - Guidance for micro enterprises
- Guidance: A practical Guide to Data Controller to Data Processor Contracts
- European Data Protection Board
- EDPB Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679 - version for public consultation
- EDPB Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679
- EDPB Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) - version for public consultation
- EDPB Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) - version for public consultation
- EDPB Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679)
- Article 29 Working Party GDPR Guidelines, endorsed by EDPB
- Guidelines on consent under Regulation 2016/679, WP rev.01
- Guidelines on transparency under Regulation 2016/679, WP260 rev. 01
- Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679, WP251rev.01
- Guidelines on Personal data breach notification under Regulation 2016/679, WP 251rev.01
- Guidelines on the right to "data portability" under Regulation 2016/679, WP242 rev.01
- Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is "likely to result in a high risk" for the purposes of Regulation 2016/679, WP248 rev.01
- Guidelines on Data Protection Officers ('DPO'), WP243 rev.01
- Guidelines for identifying a controller or processor's lead supervisory authority, WP244 rev.01
- Position Paper on the derogations from the obligation to maintain record of processing activities pursuant to Article 30(5) GDPR
- Working Document Setting Forth a Co-operation Procedure for the approval of "Binding Corporate Rules" for controllers and processers under the GDPR, WP 263 rev.01
- Recommendation on the Standard Application for Approval of Controller Binding Corporate Rules for the Transfer of Personal Data, WP 264
- Recommendation on the Standard Application form for Approval of Processor Binding Corporate Rules for the Transfer of Personal Data, WP 265
- Working Document setting up a table with the elements and principles to be found in Binding Corporate Rules, WP 256 rev.01
- Working Document setting up a table with the elements and principles to be found in Processor Binding Corporate Rules, WP 257 rev.01
- Adequacy Referential, WP 254 rev.01
- Guidelines on the application and setting of administrative fines for the purposes of the Regulation 2016/679, WP 253