As mentioned in Articles 63 to 76 and Recitals (135) to (140) of the GDPR, the European Data Protection Board (EDPB) [LINK] is the EU body in charge of the application of the General Data Protection Regulation (GDPR) as of 25 May 2018. It's made up of the head of each DPA and of the European Data Protection Supervisor (EDPS) or their representatives. The European Commission takes part in the meetings of the EDPB without voting rights. The secretariat of the EDPB is provided by the EDPS.
The Article 29 Working Party (Art. 29 WP) was the independent European working party that dealt with issues relating to the protection of privacy and personal data prior to 25 May 2018 (entry into application of the GDPR).
Bizoneo follows the clarification offered by the EDPB to ensure it remains the easiest solution to centralise GDPR activity.
This is not an EDPB text, but it's the key to all [LINK]
Tip: To help prepare privacy policies (Articles 12, 13 and 14)
Tip: Personal Data is different to PII (personally identifiable information). Article 4 of GDPR reminder: 'Personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal Data at work is a major piece. Employers need to tell staff how their personal data is handled.
Portability is linked to transparency since it's one of the data-subject rights under GDPR.
Tip: remember that consent is only one of the 6 lawful bases of processing.
Note: cookie consent is e-Privacy rather than GDPR.
Tip: To help prepare breach notifications (Article 33)
13 February 2018 - Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 (wp251rev.01) [LINK]
Tip: Use anonymisation with care, as data may not be as anonymous as it seems.
Binding corporate rules are internal rules for data transfers within multinational companies.
The EU-US Privacy Shield decision was adopted on 12 July 2016 and the Privacy Shield framework became operational on 1 August 2016.
Note: Privacy Shield is based on Directive 95/46/EC (i.e. pre-GDPR). Privacy Shield is not up to the standard of GDPR.