Pay attention to future EU data protection guidance

The European Data Protection Board (EDPB) is an independent European body established by the General Data Protection Regulation (GDPR) which contributes to the consistent application of data protection rules throughout the European Union. The EDBP has now developed its two-year work program for 2019 and 2020.

Why does it matter?

Because the EDPB issues well-regarded opinions, guidelines, recommendations and best practices to promote a common understanding of the GDPR.

Key items on their agenda for employers and pension funds include producing the following items:

  • Updated guidelines on the notion of legitimate interest of the data controller
  • Updated guidelines on the concepts of data controller, joint controller and data processor
  • Guidelines on video surveillance
  • Guidelines on the rights of access, erasure, objection, restriction and limitations to these rights
  • Enhancement of existing IT solutions and development of new IT solutions, and
  • Data breach notifications

We can’t wait to receive extra clarity on these hot-button issues.

In the meantime, it is worth mentioning that following the implementation of the GDPR, the ICO, the UK national data protection authority, has produced new guidance (with examples) to assist organizations in determining whether they act as (joint) controller or as processor.

The EDPB’s work program and ICO guidance can be found on and