All individuals residing in the European Economic Area (EEA) have the right to the protection of their personal data.

More specifically, under the GDPR, you have several rights

• Right to be informed
• Right of access
• Right to rectification
• Right to restriction of processing
• Right to data portability
• Right to object
• Right not be subject to a decision based solely on automated processing.

For more information on your rights, please consult our leaflet The GDPR and your rights or the EDPB Data Protection Guide for small business.

The EDPB endorsed WP29 documents are available here.

As regards the other existing WP29 documents, they may remain relevant and helpful insofar as the EDPB has not adopted new documents on the topic and/or they are compatible with the GDPR. This amounts to a case-by-case assessment.

The archived documents adopted by the Article 29 Working Party (1997-2016) are available on the website of the European Commission here: WP29 archive.

Should you experience any difficulty accessing WP29 documents, we recommend contacting the European Commission's DG Justice. The European Commission provided the Secretariat for the Article 29 Working Party and was responsible for all its publications. 

You can contact them by filling out the following form

Once a public consultation is closed, all contributions to the public consultation are reviewed and, where necessary, the guidelines may be adapted. Once this process has been completed, the guidelines will be up for final adoption at a subsequent EDPB plenary.

Unfortunately, the EDPB cannot consider late contributions as part of the public consultation.

All comments submitted are screened and reviewed manually before being displayed on our website. There should have been a visual confirmation after submitting your comments on our website.

In any case, please allow for some time before your comments are published.

We are constantly working on the translation of our documents into the official EU languages.
All static content, as well as press releases and documents officially adopted by the Board, such as Guidelines, will be made available in these languages.

This process takes time and various steps need to be completed in order to provide translations of the best quality.

Please note that documents undergoing public consultation are usually not translated. It is only after the public consultation has been concluded and a final version of the document has been adopted by the Board that these documents will be translated.

All documents adopted during the EDPB Plenary are subject to the necessary legal, linguistic and formatting checks and will be made available on the EDPB website once these have been completed.

Once published, recently adopted documents will be listed under “latest publications” on the main page of this website.

You can also find overviews of the documents adopted per plenary on the EDPB news page.

Every organisation, regardless of the their size or sector, established in the European Economic Area (EEA) or offering products or services to individuals in the EEA, processing personal data whether or not by automated means needs to comply with the GDPR. The GDPR applies to the automated processing of personal data and to processing operations carried out manually from the moment the paper files are organised in a systematic manner, e.g. ordered alphabetically in a filing cabinet.

Examples of processing operations include collecting, recording, organising, using, modifying, storing, disclosing, altering and erasing individuals’ personal data.

Nevertheless, the application of the GDPR is modulated according to the nature, context, purposes and risks of the processing operations carried out. For SMEs whose core business is not the processing of personal data, the obligations can be less strict than for a large company.

The EDPB aims to ensure the consistent application of the General Data Protection Regulation and of the Law Enforcement Directive in the European Economic Area (EEA). The EDPB also looks into the application of certain aspects of the ePrivacy Directive.

Our main tasks and duties are:

• providing general guidance (including guidelines, recommendations and best practices) to clarify the law and to promote a common understanding of EU data protection laws;
• adopting opinions addressed to the European Commission or to the national Data Protection Authorities (DPAs):
  • to advise the European Commission on any issue related to the protection of personal data and newly proposed legislation in the European Union (Art. 70 GDPR). In some instances, we issue Joint Opinions together with the EDPS (Art.42 of Regulation 2018/1725);
  • to ensure consistency of the activities of national data protection authorities (DPAs) on cross-border matters (Art. 64 GDPR). If authorities fail to respect an opinion issued by the EDPB, we may adopt a binding decision;
• adopting binding decisions addressed to the national DPAs and aiming to settle disputes between them when they cooperate in cross-border cases, with the purpose of ensuring the correct and consistent application of the GDPR in individual cases;
• promoting and supporting the cooperation among national DPAs.