European Data Protection Board (Article 29 Working Party) by theme

As mentioned in Articles 63 to 76 and Recitals (135) to (140) of the GDPR, the European Data Protection Board (EDPB) [LINK] is the EU body in charge of the application of the General Data Protection Regulation (GDPR) as of 25 May 2018. It's made up of the head of each DPA and of the European Data Protection Supervisor (EDPS) or their representatives. The European Commission takes part in the meetings of the EDPB without voting rights. The secretariat of the EDPB is provided by the EDPS. 

The Article 29 Working Party (Art. 29 WP) was the independent European working party that dealt with issues relating to the protection of privacy and personal data prior to 25 May 2018 (entry into application of the GDPR

Bizoneo follow the clarification offered by the EDPB to ensure it remains the easiest solution to centralise GDPR activity.

Official GDPR text in all EU languages

This is not an EDPB text, but it's the key to all  [LINK]


Tip: To help prepare privacy policies (Article 12,13, 14)

Personal data

Tip: Personal Data is different to PII (personally identifiable information). Article 4 of GDPR reminder: 'Personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal data at work

Personal Data at work is a major piece. Employers need to tell staff how their personal data is handled.


Portability is linked to transparency since it's one of the data-subject rights under GDPR


Tip: remember that consent is only one of the 6 lawful bases of processing.

Cookie Consent

Note: cookie consent is e-Privacy rather than GDPR.

Breach notification

Tip: To help prepare breach notifications (Article 33)


Automated decision-making and Profiling

Data Protection Impact Assessment (DPIA)

Data Protection Officers


Tip: Use anonymisation with care, as data may not be as anonymous as it seems.

Export personal data outside the EEA


Binding corporate rules

Binding corporate rules are internal rules for data transfers within multinational companies.

Privacy Shield

The EU-US Privacy Shield decision was adopted on 12 July 2016 and the Privacy Shield framework became operational on 1 August 2016. 

Note: Privacy shield is based on the Directive 95/46/EC (eg pre-GDPR). Privacy Shield is not up to the standard of GDPR.

Contractual clauses