Guidelines

After the table containing the list of Guidelines, you can find all the key documents adopted and published by the EDPB, ordered by year.

In the table, the dates in bold refer to the latest documents.

Table of the EDPB Guidelines ordered by year

Year G. Nr. Topic Adopted version GDPR/LED/ePrivacy
2024 Guidelines 1/2024 on processing of personal data based on Article 6(1)(f) GDPR 8/10/2024 PC 6(1)(f) GDPR
2023 Guidelines 02/2023 Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive 14/11/2023 PC 3 ePrivacy
2023 Guidelines 01/2023 on Article 37 Law Enforcement Directive 19/09/2023 1.0-PC 37 LED
2022 Guidelines 9/2022 on personal data breach notification under GDPR 10/10/2022 1.0-PC R87-4(12)-32-33-34 GDPR
2022 Guidelines 8/2022 on identifying a controller or processor’s lead supervisory authority 28/3/2023 2.0 R36-4(16)-4(23)-56 GDPR
2022 Guidelines 07/2022 on certification as a tool for transfers 14/2/2023 2.0 46(2)(f) GDPR
2022 Guidelines 06/2022 on the practical implementation of amicable settlements 12/5/2022 2.0 R131 GDPR
2022 Guidelines 05/2022 on the use of facial recognition technology in the area of law enforcement 26/4/2023 2.0 60 GDPR
2022 Guidelines 04/2022 on the calculation of administrative fines under the GDPR 24/5/2023 2.0 83 GDPR
2022 Guidelines 3/2022 on deceptive design patterns in social media platform interfaces: how to recognise and avoid them 14/2/2023 2.0
2022 Guidelines 02/2022 on the application of Article 60 GDPR 14/3/2022 1.0 60 GDPR
2022 Guidelines 01/2022 on data subject rights - Right of access 28/3/2023 2.0 15/22 GDPR
2021 Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR 14/2/2023 2.0 3-44/50 GDPR
2021 Guidelines 04/2021 on codes of conduct as tools for transfers 22/2/2022 2.0
2021 Guidelines 03/2021 on the application of Article 65(1)(a) GDPR 13/4/2021 65(1)(a) GDPR
2021 Guidelines 02/2021 on Virtual Voice Assistants 7/7/2021 2.0
2021 Guidelines 01/2021 on Examples regarding Data Breach Notification 14/12/2021 2.0 4-33-34 GDPR
2020 Guidelines 10/2020 on restrictions under Article 23 GDPR 13/10/2021 2.0 23 GDPR
2020 Guidelines 09/2020 on relevant and reasoned objection under Regulation 2016/679 9/3/2021 2.0 4-60-65 GDPR
2020 Guidelines 08/2020 on the targeting of social media users 2/9/2020 1.0
2020 Guidelines 07/2020 on the concepts of controller and processor in the GDPR 2/9/2020 1.0 4-24-28-29 GDPR
2020 Guidelines 06/2020 on the interplay of the Second Payment Services Directive and the GDPR 15/12/2020 2.0
2020 Guidelines 05/2020 on consent under Regulation 2016/679 4/5/2020 1.0 4-6-7-8 GDPR
2020 Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak 21/4/2020
2020 Guidelines 03/2020 on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak 21/4/2020
2020 Guidelines 02/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies 15/12/2020 2.0 46 GDPR
2020 Guidelines 01/2020 on processing personal data in the context of connected vehicles and mobility related applications 28/1/2020 1.0
2019 Guidelines 05/2019 on the criteria of the Right to be Forgotten in the search engines cases under the GDPR (part 1) 7/7/2020 2.0 17 GDPR
2019 Guidelines 04/2019 on Article 25 Data Protection by Design and by Default 20/10/2020 2.0 25 GDPR
2019 Guidelines 03/2019 on processing of personal data through video devices 29/1/2020 2.0
2019 Guidelines 02/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects 8/10/2019 2.0 6 GDPR
2019 Guidelines 01/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679 4/6/2019 2.0 40-41 GDPR
2018 Guidelines 04/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679) 4/6/2019 3.0 43 GDPR
2018 Guidelines 03/2018 on the territorial scope of the GDPR (Article 3) 16/11/2018 3 GDPR
2018 Guidelines 02/2018 on derogations of Article 49 under Regulation 2016/679 25/5/2018 49 GDPR
2018 Guidelines 01/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679 25/5/2018 42-43 GDPR


Guidelines

2024

  1. Guidelines 1/2024 on processing of personal data based on Article 6(1)(f) GDPR - Adopted on 8/10/2024 (v. 1.0) - Pub. 8/10/2024 - PC (comments by 20 November 2024);

2023

  1. Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive - Adopted on 14/11/2023 - Pub. 16/11/2023 - PC (comments by 28 December 2023);
  2. Guidelines 01/2023 on Article 37 Law Enforcement Directive - Adopted on 19/09/2023 (v. 1-0) - Pub. 27/09/2023 - PC (comments by 8 November 2023 at the latest);

2022

  1. Guidelines 9/2022 on personal data breach notification under GDPR - Adopted on 10/10/2022 (v. 1.0) - Pub. 18/10/2022 - PC (comments by 29th November 2022 at the latest);
  2. Guidelines 8/2022 on identifying a controller or processor’s lead supervisory authority - Adopted on 10/10/2022 (v. 1.0) - Adopted on 28/3/2023 (v. 2.0);
  3. Guidelines 07/2022 on certification as a tool for transfers - Adopted on 14/2/2023 (v. 2.0);
  4. Guidelines 06/2022 on the practical implementation of amicable settlements - Adopted on 12/5/2022 (v. 2.0);
  5. Guidelines 5/2022 on the use of facial recognition technology in the area of law enforcement - Adopted on 26/4/2023 (v. 2.0);
  6. Guidelines 4/2022 on the calculation of administrative fines under the GDPR - Adopted on 24/5/2023 (v. 2.0);
  7. Guidelines 03/2022 on deceptive design patterns in social media platform interfaces: how to recognise and avoid them - Adopted on 14/2/2023 (v. 2.0);
  8. Guidelines 02/2022 on the application of Article 60 GDPR - Adopted on 14/03/2022 (v.1.0);
  9. Guidelines 01/2022 on data subject rights - Right of access - Adopted on 28/3/2022 (v. 2.0);

2021

  1. Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR - Adopted on 14/2/2023 (v. 2.0);
  2. Guidelines 04/2021 on codes of conduct as tools for transfers - Adopted on 22/02/2022 (v.2.0);
  3. Guidelines 03/2021 on the application of Article 65(1)(a) GDPR - Adopted on 13/4/2021 - PC (16/4/2021 - 28/5/2021);
  4. Guidelines 02/2021 on virtual voice assistants - Adopted on 7/7/2021 (v.2.0);
  5. Guidelines 01/2021 on Examples regarding Data Breach Notification - Adopted on 14/12/2021 (v.2.0);

2020

  1. Guidelines 10/2020 on restrictions under Article 23 GDPR - Adopted on 13/10/2021 (v.2.0);
  2. Guidelines 09/2020 on relevant and reasoned objection under Regulation 2016/679 - Adopted on 9/3/2021 (v.2.0);
  3. Guidelines 8/2020 on the targeting of social media users - Adopted on 13/4/2021 (v.2.0);
  4. Guidelines 07/2020 on the concepts of controller and processor in the GDPR - Adopted on 7/7/2021 (v.2.0);
  5. Guidelines 06/2020 on the interplay of the Second Payment Services Directive and the GDPR - Adopted on 15/12/2020 (v.2);
  6. Guidelines 05/2020 on consent under Regulation 2016/679 - Adopted on 4/5/2020 (v.1.0);
  7. Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak - Adopted on 21/4/2020;
  8. Guidelines 03/2020 on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak - Adopted on 21/4/2020
  9. Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies Adopted on 15/12/2020 (v.2);
  10. Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications - Adopted on 28/1/2020 (v.1) - PC (7/2/2020 - 4/5/2020).

2019

  1. Guidelines 5/2019 on the criteria of the Right to be Forgotten in the search engines cases under the GDPR (part 1) - Adopted on 7/7/2020 (v.2.0);
  2. Guidelines 4/2019 on Article 25 Data Protection by Design and by Default - Adopted on 20/10/2020 (v.2.0);
  3. Guidelines 3/2019 on processing of personal data through video devices - Adopted on 29/1/2020 (v.2.0);
  4. Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects - Adopted on 8/10/2019 (v.2.0);
  5. Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679 - Adopted on 4/6/2019 (v.2.0).

2018

  1. Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679) - Annex 1 - Adopted on 4/12/2018 - PC (14/12/2018 - 1/2/2019).
  2. Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) - Adopted on 16/11/2018 - PC (23/11/2018 - 18/1/2019);
  3. Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679 - Adopted on 25/5/2018;
  4. Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679 - Adopted on 25/5/2018 - PC (30/5/2018 - 12/7/2018).