The European Data Protection Board (EDPB), established by the General Data Protection Regulation (GDPR), is an independent European body, which contributes to the consistent application of data protection rules throughout the European Union, and promotes cooperation between the EU’s data protection authorities. The EDPB is composed of representatives of the national data protection authorities and the European Data Protection Supervisor (EDPS). The Vice-Chairman of the EDPB is Mr Ventsislav Karadjov – the Chairman of the Bulgarian Commission for Personal Data Protection.
One of the main tasks of the Board is to provide general guidance (including guidelines, recommendations and best practice) to clarify the law.
At the November plenary EDPB adopted Guidelines on Data Protection by Design & Default. The guidelines focus on the obligation of Data Protection by Design and by Default (DPbDD) as set forth in Art. 25 GDPR. The core obligation here is the effective implementation of the data protection principles and data subjects’ rights and freedoms by design and by default. This requires that controllers implement appropriate technical and organisational measures and the necessary safeguards, designed to ascertain data protection principles in an effective manner and to protect the rights and freedoms of data subjects. In addition, controllers must be able to demonstrate that the implemented measures are effective. The guidelines have been submitted for public consultation by 16 January 2020 – HERE.
At the December plenaryEDPB adopted draft guidelines on the criteria of the Right to be Forgotten in the search engine cases under the GDPR. The guidelines provide an interpretation of Art. 17 GDPR with regard to the grounds and exceptions for delisting requests directed to search engine providers. These guidelines, which will be presented for public consultation, will be complemented by another set of guidelines on the criteria for handling complaints for refusals of delisting.
