Article 70 of GDPR (Tasks of The European Data Protection Board)

Article 70 of GDPR: Tasks of The European Data Protection Board

Article 70 of GDPR outlines the tasks and responsibilities of the European Data Protection Board.

The ultimate objective of the EDPB is to ensure that the terms of GDPR are applied consistently.

Tasks of the EDPB (Article 70(1) GDPR)

The EDPB is formally given the following tasks under GDPR:

  1. Ensure the correct application of GDPR in rendering its opinions and in instances of dispute resolution (Article 70(1)(a) GDPR)
  2. Provide the Commission advice on data protection issues (Article 70(1)(b) GDPR)
  3. Advise the Commission on the mechanism for the exchange of information related to binding corporate rules (Article 70(1)(c) GDPR)
  4. Provide guidelines on the exercise of the right to be forgotten (Article 70(1)(d) GDPR)
  5. Examine questions relating to the application of GDPR and define best practices for the consistent application of GDPR (Article 70(1)(e) GDPR)
  6. Issue best practices and specify criteria for decisions based on profiling (Article 70(1)(f) GDPR)
  7. Issue guidelines and recommendations relating to data breach notifications (Article 70(1)(g) GDPR)
  8. Issue guidelines and recommendations when a personal data breach is likely to result in a high risk to data subjects (Article 70(1)(h) GDPR)
  9. Issue guidelines and recommendations for data transfer based on binding corporate rules (Article 70(1)(i) GDPR)
  10. Issue guidelines and recommendations for data transfers in instances when there are no adequacy decisions or appropriate safeguards (Article 70(1)(j) GDPR)
  11. Issue guidelines for the supervisory authority in exercising its powers and issue administrative fines (Article 70(1)(k) GDPR)
  12. Review the guidelines and recommendations relating to profiling and data breach notifications (Article 70(1)(l) GDPR)
  13. Issue guidelines and recommendations on how data subjects can report infringement of GDPR (Article 70(1)(m) GDPR)
  14. Support the confection of codes of conduct and certification mechanisms (Article 70(1)(n) GDPR)
  15. Handle accreditation of certification bodies (Article 70(1)(o) GDPR)
  16. Specify the accreditation requirements for certification and certification bodies (Article 70(1)(p) GDPR)
  17. Provide the Commission with its opinion with regards to certification requirements (Article 70(1)(q) GDPR)
  18. Provide the Commission with its opinion on the icons under Article 12(7) of GDPR (Article 70(1)(r) GDPR)
  19. Provide the Commission with its opinion on the adequacy of third countries with regards to data protection (Article 70(1)(s) GDPR)
  20. Provide its opinion with regards to draft decisions of the supervisory authorities (Article 70(1)(t) GDPR)
  21. Encourage the cooperation and exchange of information between the supervisory authorities (Article 70(1)(u) GDPR)
  22. Promote training and exchange of personnel between supervisory authorities (Article 70(1)(v) GDPR)
  23. Promote the exchange of knowledge and material relating to data protection between supervisory authorities around the world (Article 70(1)(w) GDPR)
  24. Provide its opinion regarding codes of conduct at the EU level (Article 70(1)(x) GDPR)
  25. Maintain public records of its decisions (Article 70(1)(y) GDPR)

Request for advice from the Commission (Article 70(2) GDPR)

In the event the Commission requests the advice of the EDPB, the Commission should specify the timeline and indicate if there are any urgencies to consider.

EDPB recommendations and guidelines to be public (Article 70(3) GDPR)

The recommendations, advice, best practices and guidelines of the EDPB should be made public and communicated to the Commission.

Consultation rights (Article 70(4) GDPR)

The EDPB has the right to consult with interested parties and get their views or comments.

The result of the consultation should be made public by the Board.

Recitals applicable to Article 70 of GDPR

Relevant Recitals: 136, 139

GDPR Regulation article-by-article overview

Read our comprehensive overview of the GDPR Regulation, article by article, where we summarize each of the 99 articles contained in GDPR to give you a complete understanding of its content.

Cited Legislation in Article 70 or relevant recitals

Directive 95/46/EC

GDPR Text: Article 70 of GDPR and Relevant Recitals

GDPR Text Source: EUR-Lex

Official GDPR Text: General Data Protection Regulation 

Official GDPR Title: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), corrected by Corrigendum, OJL 127, 23.5.2018, p. 2 ((EU) 2016/679)