EDSA

EDSA: Draft gui­de­li­nes on fine sizing – the big­ger, the more expensive 

On May 12, 2022, the Euro­pean Data Pro­tec­tion and Pri­va­cy Aut­ho­ri­ty (EDSA) adop­ted 40-page draft gui­de­li­nes on har­mo­ni­zing the methods used by natio­nal aut­ho­ri­ties to cal­cu­la­te fines (Gui­de­li­nes 04/2022 on the cal­cu­la­ti­on of admi­ni­stra­ti­ve fines under the GDPR). Com­ments are invi­ted until

EDSA: Prag­ma­tic draft gui­de­li­nes on dis­clo­sure in third countries. 

The Euro­pean Data Pro­tec­tion Board (EDSA) has published for public con­sul­ta­ti­on draft gui­de­li­nes on the rela­ti­ons­hip bet­ween Arti­cle 3 GDPR (ter­ri­to­ri­al scope) and Chap­ter V of the GDPR (trans­fers abroad): Gui­de­li­nes 05/2021 on the Inter­play bet­ween the app­li­ca­ti­on of Article

EDSA: Gui­de­li­nes for restric­tions wit­hin the mea­ning of Art. 23 GDPR 

The Euro­pean Data Pro­tec­tion Board EDSA has published the final ver­si­on of the Gui­de­li­nes on restric­tions under Arti­cle 23 GDPR (Gui­de­li­nes 10/2020 on restric­tions under Arti­cle 23 GDPR, Ver­si­on 2.0, Adop­ted on 13 Octo­ber 2021). Accord­ing to Art. 23 GDPR, Mem­ber Sta­tes of the EEA may

EDSA: Final ver­si­on of the gui­de­li­nes on con­trol­lers and processors 

The Euro­pean Data Pro­tec­tion Board EDSA has published the final ver­si­on of the gui­de­li­nes on the con­cepts of con­trol­ler and pro­ces­sor (“Gui­de­li­nes 07/2020 on the con­cepts of con­trol­ler and pro­ces­sor in the GDPR, Ver­si­on 2.0″, July 7, 2021). A del­ta view of the final

EDSA: Draft gui­d­ance on examp­les of data bre­ach notifications. 

As is well known, the GDPR pro­vi­des that data brea­ches must be noti­fied to the com­pe­tent super­vi­so­ry aut­ho­ri­ty or aut­ho­ri­ties if the bre­ach results in a risk to the data sub­jects (Art. 33 GDPR, and if the bre­ach is likely to result in a high risk to the data subject(s)).

EDSA: defi­ni­ti­ve gui­d­ance on the rela­ti­ons­hip bet­ween PSD II and the GDPR. 

Direc­ti­ve 2015/2366 of Novem­ber 25, 2015, on pay­ment ser­vices in the inter­nal mar­ket […] (Second Pay­ment Ser­vices Direc­ti­ve, PSD II or PSD2; to be imple­men­ted by mem­ber sta­tes by Janu­a­ry 13, 2018; in Ger­ma­ny, by the Pay­ment Ser­vices Super­vi­si­on Act) is inten­ded, among other things, to impro­ve the offer in the