EDPB Guidelines

European Data Protection Board (EDPB) Guidelines / Linee Guida Regolamento (UE) 2016/679 "Privacy" / Update Sett. 2025

ID 24588 | 21.09.2025 / Attached

General guidance to clarify the law and to promote common understanding of EU data protection laws / Update Sett. 2025 

Guidelines 3/2025 on the interplay between the DSA and the GDPR - v. 1.1 (12 September 2025)
Guidelines 2/2024 on Article 48 GDPR - v. 2.1 (5 June 2025)
Guidelines 2/2025 on processing of personal data through blockchain technologies (14 April 2025) 
Guidelines 1/2025 on Pseudonymisation (17 January 2025)
Guidelines 2/2024 on Article 48 GDPR - v. 1.0 (3 December 2024) Obsolete
Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive - v. 2.0 (16 October 2024)
Guidelines 1/2024 on processing of personal data based on Article 6(1)(f) GDPR (8 October 2024)
Guidelines 1/2023 on Article 37 Law Enforcement Directive - v. 2.1 (19 June 2024)
Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive - v. 1.0 (16 November 2023) Obsolete
Guidelines 1/2023 on Article 37 Law Enforcement Directive - v. 1.0 (19 June 2024) Obsolete
Guidelines 4/2022 on the calculation of administrative fines under the GDPR (24 May 2023)
Guidelines 3/2021 on the application of Article 65(1)(a) GDPR (24 May 2023)
Guidelines 5/2022 on the use of facial recognition technology in the area of law enforcement (17 May 2023)
Guidelines 8/2022 on identifying a controller or processor’s lead supervisory authority (17 April 2023)   
Guidelines 1/2022 on data subject rights - Right of access (17 April 2023)
Guidelines 9/2022 on personal data breach notification under GDPR (4 April 2023)
Guidelines 7/2022 on certification as a tool for transfers (24 February 2023)
Guidelines 5/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR (24 February 2023)
Guidelines 3/2022 on deceptive design patterns in social media platform interfaces (24 February 2023)
Guidelines 6/2022 on the practical implementation of amicable settlements (12 May 2022)
Guidelines 2/2022 on the application of Article 60 GDPR (14 March 2022)
Guidelines 4/2021 on Codes of Conduct as tools for transfers (22 February 2022)
Guidelines 1/2021 on Examples regarding Personal Data Breach Notification (3 January 2022)
Guidelines 10/2020 on restrictions under Article 23 GDPR  (13 October 2021)
Guidelines 7/2020 on the concepts of controller and processor in the GDPR (7 July 2021)
Guidelines 2/2021 on virtual voice assistants (7 July 2021)
Guidelines 8/2020 on the targeting of social media users (13 April 2021)
Guidelines 1/2018 addendum on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation) (6 April 2021)
Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016 679 (9 March 2021)
Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications (9 March 2021)
Guidelines 1/2021 on Examples regarding Data Breach Notification (19 January 2021)
Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016 679 for transfers of personal data between EEA and non-EEA public authorities and bodies (15 December 2020)
Guidelines 6/2020 on the interplay of the Second Payment Services Directive and the GDPR (15 December 2020)
Guidelines 4/2019 on Article 25 Data Protection by Design and by Default (20 October 2020)
Guidelines 5/2019 on the criteria of the Right to be Forgotten in the search engines cases under the GDPR (part 1) (7 July 2020)
Guidelines 5/2020 on consent under Regulation 2016 679 (4 May 2020)
Guidelines 4/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak  (21 April 2020)
Guidelines 3/2020 on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak (21 April 2020)
Guidelines 3/2019 on processing of personal data through video devices (30 January 2020)
Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications (28 January 2020)
Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) (12 November 2019)
Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects (16 October 2019)
Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016 679 (4 June 2019)
Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation (4 June 2019)
Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016 679 - Annex 2 (14 February 2019)
Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (4 June 2019)
Guidelines 2/2018 on derogations of Article 49 under Regulation 2016 679 (25 May 2018)
________

Fonte European Data Protection

Collegati

Allegati

Allegati

	Descrizione	Lingua	Dimensioni	Downloads
	Guidelines 1/2023 on Article 37 Law Enforcement Directive v. 1.0	EN	543 kB	5
	Guidelines 1/2018 addendum on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation)	IT	291 kB	34
	Guidelines 3/2025 on the interplay between the DSA and the GDPR - v. 1.1	EN	684 kB	718
	Guidelines 2/2024 on Article 48 GDPR v. 2.1	EN	638 kB	256
	Guidelines 2/2025 on processing of personal data through blockchain technologies	EN	541 kB	200
	Guidelines 1/2025 on Pseudonymisation	EN	885 kB	69
	Guidelines 2/2024 on Article 48 GDPR	EN	592 kB	142
	Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive - v. 2.0	IT	420 kB	78
	Guidelines 1/2024 on processing of personal data based on Article 6(1)(f) GDPR	EN	705 kB	49
	Guidelines 1/2023 on Article 37 Law Enforcement Directive v. 2.1	EN	616 kB	70
	Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive v. 1	IT	361 kB	60
	Guidelines 4/2022 on the calculation of administrative fines under the GDPR	IT	1764 kB	34
	Guidelines 3/2021 on the application of Article 65(1)(a) GDPR	IT	582 kB	40
	Guidelines 5/2022 on the use of facial recognition technology in the area of law enforcement	IT	1611 kB	35
	Guidelines 8/2022 on identifying a controller or processor’s lead supervisory authority	IT	410 kB	39
	Guidelines 1/2022 on data subject rights - Right of access	IT	1404 kB	24
	Guidelines 9/2022 on personal data breach notification under GDPR	IT	657 kB	34
	Guidelines 7/2022 on certification as a tool for transfers	IT	588 kB	28
	Guidelines 5/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR	IT	721 kB	24
	Guidelines 3/2022 on deceptive design patterns in social media platform interfaces	IT	1839 kB	24
	Guidelines 6/2022 on the practical implementation of amicable settlements	IT	1636 kB	27
	Guidelines 2/2022 on the application of Article 60 GDPR	IT	697 kB	23
	Guidelines 4/2021 on Codes of Conduct as tools for transfers	IT	196 kB	26
	Guidelines 1/2021 on Examples regarding Personal Data Breach Notification - Dec. 2021	IT	333 kB	24
	Guidelines 10/2020 on restrictions under Article 23 GDPR	IT	430 kB	22
	Guidelines 7/2020 on the concepts of controller and processor in the GDPR	IT	1395 kB	23
	Guidelines 2/2021 on virtual voice assistants	IT	358 kB	24
	Guidelines 8/2020 on the targeting of social media users	IT	519 kB	27
	Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016 679	IT	186 kB	28
	Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications - v. 2	IT	319 kB	44
	Guidelines 1/2021 on Examples regarding Personal Data Breach Notification	IT	333 kB	23
	Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016 679 for transfers of personal data between EEA and non-EEA public authorities and bodies	IT	204 kB	30
	Guidelines 6/2020 on the interplay of the Second Payment Services Directive and the GDPR	IT	326 kB	24
	Guidelines 4/2019 on Article 25 Data Protection by Design and by Default	IT	600 kB	31
	Guidelines 5/2019 on the criteria of the Right to be Forgotten in the search engines cases under the GDPR (part 1)	IT	223 kB	24
	Guidelines 5/2020 on consent under Regulation 2016 679	IT	312 kB	23
	Guidelines 4/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak	IT	1017 kB	23
	Guidelines 3/2020 on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak	IT	198 kB	32
	Guidelines 3/2019 on processing of personal data through video devices	IT	1675 kB	28
	Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications	IT	670 kB	23
	Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)	IT	301 kB	25
	Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects	IT	452 kB	33
	Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016 679	IT	550 kB	33
	Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation	IT	637 kB	23
	Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016 679 - Annex 2	IT	157 kB	24
	Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation	IT	195 kB	34
	Guidelines 2/2018 on derogations of Article 49 under Regulation 2016 679	IT	241 kB	34