Lexicon > European Data Protection Board

IT Lexicon

European Data Protection Board

The European Data Protection Supervisor (EDPS) is an independent European body that contributes to the consistent application of the GDPR in the European Union and promotes cooperation between supervisory authorities authorities of the EU member states.

The EDPS is the successor of the Article 29 Working Party which dealt with issues related to the protection of personal data protection until the entry into force of the GDPR on 25 May 2018.

It is composed of representatives of the supervisory authorities of each EU member state and the European Data Protection Supervisor.

The European Data Protection Committee shall exercise the tasks and powers conferred on it by the GDPR in full independence.

On its own initiative or at the request of the European Commission, it is responsible for

  • To monitor and ensure the proper application of the GDPR;
  • Advise the European Commission on all matters relating to personal data protection, new proposed legislation in the European Union and binding corporate rules;
  • To publish guidelines, recommendations and best practices and to review their proper application;
  • Encourage the development of codes of conduct and the establishment of certification mechanisms;
  • To promote cooperation and exchange of information, knowledge and documentation on data protection legislation and practices with data protection supervisory authorities of all countries.

GDPR Point

” In applying the consistency mechanism, the Board should, within a determined period of time, issue an opinion, if a majority of its members so decides or if so requested by any supervisory authority concerned or the Commission.

The Board should also be empowered to adopt legally binding decisions where there are disputes between supervisory authorities.”

Recital 136 of the GDPR

Point of jurisprudence

The European Data Protection Board found that the Court of Justice of the European Union (CJEU) had violated Regulation 2018/1725 by not ” did not provide users of its website with a way to withdraw their consent to the use of cookies as easily as if they were giving it – such as an “opt-out” button displayed in the same place and manner as the “accept” button. Instead, to decline cookies, users had to click on the “more information” button and scroll almost to the bottom of the page to withdraw their consent.

European Data Protection Board, May 3, 2021, No. 2019-0878

The Bouchara Law firm assists you in particular in :

  • The drafting and negotiation of your cloud computing contracts;
  • Making your organization GDPR compliant;
  • The drafting of data protection policies (privacy policy, computer charter …);
  • Documentation of your processing (register of processing activities, register of violations, privacy impact analysis, prior consultation…);
  • Obtaining certifications and adhering to codes of conduct;
  • The study of the legal feasibility of the implementation of a new personal data processing;
  • The drafting and transmission of your codes of conduct to the CNIL for approval;
  • Legal analysis of the compliance of your data processing, including data transfers outside the European Economic Area;
  • Drafting and negotiating your data processing agreements (DPA);
  • Drafting your Binding Corporate Rules (BCR) and Codes of Conduct;
  • Training and awareness of your employees.

We are also the external Data Protection Officer of many data processors and subcontractors.