- Securing Cloud-based Environments
- Guidance on Connected Toys and Devices
- Guidance for Controllers on Data Security
- Guidance for Drivers on the use of "Dash Cams"
- Data Protection and Community Based CCTV Schemes
- Video Recording
- Guidance on Cookies and Similar Technologies
- Guidance on the Use of CCTV - For Data Controllers
- Guidance on the Use of CCTV - For Individuals
- Quick Guide to GDPR Breach Notifications
- Transfers of Personal Data from Ireland to the UK in the Event of a 'No-Deal' Brexit
- Transfers of Personal Data to Third Countries or International Organisations
- Limiting Data Subject Rights and the Application of Article 23 of the GDPR
- Anonymisation and pseudonymisation
- Guidance on qualifications for DPOs (GDPR)
- Data Processing Operations that require a Data Protection Impact Assessment
- Guidance for Controllers on Data Security
- GDPR Guidance for SMEs
- Data Security Guidance for Microenterprises
- A Practical Guide to Controller-Processor Contracts
- European Data Protection Board
- EDPB Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679
- EDPB Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679
- EDPB Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) - version for public consultation
- EDPB Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679)
- EDPB Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679 - version adopted after public consultation
- EDPB Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects
- EDPB Guidelines 3/2019 on processing of personal data through video devices
- Article 29 Working Party GDPR Guidelines, endorsed by EDPB
- Guidelines on consent under Regulation 2016/679, WP rev.01
- Guidelines on transparency under Regulation 2016/679, WP260 rev. 01
- Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679, WP251rev.01
- Guidelines on Personal data breach notification under Regulation 2016/679, WP 251rev.01
- Guidelines on the right to "data portability" under Regulation 2016/679, WP242 rev.01
- Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is "likely to result in a high risk" for the purposes of Regulation 2016/679, WP248 rev.01
- Guidelines on Data Protection Officers ('DPO'), WP243 rev.01
- Guidelines for identifying a controller or processor's lead supervisory authority, WP244 rev.01
- Position Paper on the derogations from the obligation to maintain record of processing activities pursuant to Article 30(5) GDPR
- Working Document Setting Forth a Co-operation Procedure for the approval of "Binding Corporate Rules" for controllers and processers under the GDPR, WP 263 rev.01
- Recommendation on the Standard Application for Approval of Controller Binding Corporate Rules for the Transfer of Personal Data, WP 264
- Recommendation on the Standard Application form for Approval of Processor Binding Corporate Rules for the Transfer of Personal Data, WP 265
- Working Document setting up a table with the elements and principles to be found in Binding Corporate Rules, WP 256 rev.01
- Working Document setting up a table with the elements and principles to be found in Processor Binding Corporate Rules, WP 257 rev.01
- Adequacy Referential, WP 254 rev.01
- Guidelines on the application and setting of administrative fines for the purposes of the Regulation 2016/679, WP 253