Informacijski pooblaščenec Republika Slovenija
dekorativna slika

European Data Protection Board Cooperation

+ -

The European Data Protection Board (EDPB) is an independent European body, which contributes to the consistent application of data protection rules throughout the European Union, and promotes cooperation between the EU’s data protection authorities. 

The EDPB is composed of representatives of the national data protection authorities, and the European Data Protection Supervisor (EDPS). The EDPB is established by the General Data Protection Regulation (GDPR), and is based in Brussels.


EDPB aims to ensure the consistent application in the European Union of the General Data Protection Regulation and of the European Law Enforcement Directive.

It can adopt general guidance to clarify the terms of European data protection laws, giving our stakeholders a consistent interpretation of their rights and obligations. It is also empowered by the GDPR to make binding decisions towards national supervisory authorities to ensure a consistent application.

EDPB acts in accordance with its own rules of procedure and guiding principles.

EDPB competences

The EDPB is an independent European body with legal personality that contributes to the consistent application of data protection rules throughout the European Union and promotes cooperation between supervisory authorities. The EDPB is composed of the heads of the Supervisory Authorities (SA) and the European Data Protection Supervisor (EDPS) or their representatives. Instead of answering specific, individual requests, the EDPB issues general guidance. On 25 May 2018, the EDPB has endorsed the guidance provided on the GDPR provided by WP29:

The EDPB is also developing additional guidance, available here:

Data Protection Impact Assessment List

The list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under the Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR). The list is based on Article 29 Working Party “Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679”.

The DPIA list is available here.