General Data Protection Regulation – EU Guidance Overview
Key operational controls; Respecting data subjects’ rights; Transfers of personal data; Governance and policy frameworks; Personal data security
Core concepts and consent; Sanctions; Privacy notices; Individual rights; International transfers; Accountability; Codes and certification; Data security; Data processors
Guidance under preparation by the A29WP
Mandatory guidance from the EDPB under Art 70 (1) (or supervisory authority where indicated)
Potential delegated acts by the European Commission
Areas in which additional guidance might be helpful
The role of the Data Protection Officer (WP 243)
Privacy impact assessments (Draft WP 248)
Data portability rights (WP 242)
Criteria for certification and certification bodies (FabLab)
Opinion on icons in privacy notices (r)
Implementing RTBF if data is passed to third parties (d)
Criteria for profiling based on consent/contract/legal obligation (f)
Use of icons in privacy notices (Art 12(8))
Level of detail required for records of processing (Art 30)
Guidance on notifying breaches to regulators (g)
Guidance on notifying breaches to individuals (h)
Status of the new security requirements (Art 32)
Standard data processing clauses (Art 28(7))
Obligations in relation to codes and certifications (n)-(q), (x)
Approval or criteria for code of conduct or certifications (Art 42, 43).
Guidance on requirements for BCRs (i)
Guidance on individual derogations (j)
Opinion on adequacy of third countries (s)
Decision that a third country provides adequate protection (Art 45)
Adoption of standard contractual clauses (Art 46)
Transfers based on foreign legal and regulatory requests (Art 48)
Application of the minor transfer exemption (Art 49(1))
Guidance on the use by a supervisory authority of its powers and setting of fines (k)
Handling individual complaints (m)
Supervisory authority to prepare list of high risk processing subject to impact assessment (Art 35(4))
Meaning of monitoring behaviour (Art 3)
Liability of representatives of non-EU entities (Art 27)
* See the Article 29 Working Party’s Adoption of the 2017 GDPR Action Plan.
This table is intended to identify situations in which EU-wide guidance will be, or could usefully be, provided to controllers and processors. It does not list guidance issued by individual supervisory authorities, nor powers of the supervisory authorities or European Data Protection Board that could not reasonably be described as guidance. The information in this table is for general information purposes only and does not claim to be comprehensive or provide legal or other advice.
Lead supervisory authority (WP 244)
Effort and exemption guidance for DSARs (Art 15)
Guidance on administrative fines*
Guidance on consent*
Guidance on profiling*
Guidelines on transparency*
Update to guidance on data transfers to third countries*
Update to guidance on notification of security breaches*