The European Data Protection Board (EDPB) is an independent European body, which contributes to the consistent application of data protection rules throughout the European Union, and promotes cooperation between the EU’s data protection authorities. The EDPB is established by the General Data Protection Regulation (GDPR), and is based in Brussels.
The EDPB is composed of representatives of the EU national data protection authorities (national Supervisory Authorities), and the European Data Protection Supervisor (EDPS). The supervisory authorities of the EFTA EEA States (IS, LI, NO) are also members with regard to GDPR-related matters and without the rights to vote and to be elected as chair or deputy chairs. The European Commission and - with regard to GDPR-related matters - the EFTA Surveillance Authority have the right to participate in the activities and meetings of the Board without voting rights.
We act in accordance with our rules of procedure and the guiding principles included therein.
Tasks and duties
Our main tasks and duties are:
- providing general guidance (including guidelines, recommendations and best practices) to clarify the law and to promote a common understanding or EU data protection laws;
- adopting opinions addressed to the European Commission or to the national Supervisory Authorities:
- to advise the European Commission on any issue related to the protection of personal data and new proposed legislation in the European Union (Art. 70 GDPR). In some instances, we issue Joint Opinions together with the EDPS (Art.42 of Regulation 2018/1725);
- to ensure consistency of the activities of national Supervisory Authorities on cross border matters (Art. 64 GDPR). If authorities fail to respect an opinion issued by the EDPB, we may adopt a binding decision;
- adopting binding decisions addressed to the national Supervisory Authorities and aiming to settle disputes arising between them when they cooperate to enforce the GDPR, with the purpose of ensuring the correct and consistent application of the GDPR in individual cases;
- promote and support the cooperation among national Supervisory Authorities.
The EDPB does not enforce EU data protection laws and does not provide individual consultancy services. Please note that individuals or organisations with questions related to data protection law are advised to consult the website of the Supervisory Authority in the country where they are based. (Please find a list here: Our Members)
Our guiding principles are:
- Independence and impartiality
- Good governance, integrity and good administrative behaviour
- Efficiency and modernisation
See the EDPB rules of procedure for more information.