EDPB Guidelines in your CIPP/E Exam
Are you preparing for the CIPP/E Exam?
Understanding the EDPB Guidelines is essential for passing this exam, but with
so many of them to read through, it can be difficult to know where to start. In
this blog post, we'll give you a breakdown of the 10 most important Guidelines
you need to study in order to pass your exam. By taking a look at these key
points, you'll be able to easily identify which Guidelines are most relevant
and save time when studying.
First of all, let me explain what exactly the EDPB Guidelines are.
The European Data Protection Board (EDPB) Guidelines are a set of documents
that provide clarification and guidance on the interpretation and
implementation of data protection legislation. They serve to ensure a
consistent, high level of data protection across the European Union. The EDPB
Guidelines are important because they help organizations comply with the GDPR,
which is designed to protect personal data and give individuals control over
how their data is used. The guidelines cover topics
like data processing, consent, data portability, and other important
GDPR-related issues.
Now, the 10 Guidelines you should know more about:
1 The EDPB Guidelines 07/2020 on the concepts of controller and processor in the GDPR
These provide a comprehensive overview of
the roles and responsibilities of controllers and processors under the GDPR, as
well as guidance on how they should cooperate when processing personal data.
2 The EDPB Guidelines 3/2018 on the territorial scope of the GDPR
These Guidelines provide helpful guidance
on determining when controllers and processors outside of the EU must comply
with GDPR requirements. They also serve as a reminder that controllers and
processors should assess their activities carefully to ensure compliance with
applicable laws and regulations.
3 The EDPB Guidelines 5/2019 on the criteria of the Right to be Forgotten in search engine cases under the GDPR
They provide clear guidance on how search
engines should interpret and apply the right to be forgotten under GDPR and
outline criteria for determining when an individual’s right should be
respected by a search engine. They also provide guidance on how search engines
should respond when an individual exercises their right and how they should
balance competing interests when making decisions about such requests.
4 EDPB Guidelines 10/2020 on restrictions under Article 23 GDPR
These provide guidance on how Member States
can restrict certain rights and obligations provided for in the GDPR. The
document explains that any restriction must meet certain conditions and
criteria in order to be valid, including being necessary and proportionate,
having a clear legal basis in national law, and being limited in scope and duration.
Furthermore, it clarifies that Member States may not impose restrictions on
certain fundamental rights provided for in the GDPR.
5 The EDPB Guidelines 05/2021 on the Interplay between the Application of Article 3 and the Provisions on International Transfers as per Chapter V of the GDPR
These Guidelines provide guidance on how to
interpret and apply Article 3 and Chapter V together when transferring personal
data from an establishment in the EU to a controller or processor located
outside the EU. They clarify that Article 3 does not replace or supersede
Chapter V’s rules for international transfers, but rather applies only to
processing activities within an establishment in the EU. Furthermore, they
emphasize that controllers and processors must take into account both Article 3
and Chapter V when transferring personal data from an establishment in the EU to
a controller or processor located outside the EU.
6 The EDPB Guidelines 04/2021 on codes of conduct as tools for transfers
These provide comprehensive guidance on how
controllers and processors can use codes of conduct as a tool for facilitating
data transfers in compliance with the GDPR. The guidelines outline the
requirements for a valid code of conduct, explain how to apply for approval,
and provide information on how to use codes of conduct as part of an overall
strategy for international transfers.
7 The EDPB Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679
These Guidelines provide guidance on how
controllers can lawfully transfer personal data outside the EU by relying on
one of six exceptions outlined in Article 49. Controllers must ensure that
appropriate safeguards are in place to protect data subjects’ rights and
freedoms, provide relevant information to data subjects about their rights
regarding transfers outside the EU, comply with all applicable EU laws and
regulations, and document their decisions to rely on an exception.
8 EDPB Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data
These EDPB recommendations provide guidance
on measures that supplement transfer tools to ensure compliance with the EU
level of protection of personal data. The EDPB recommends that controllers and
processors, when transferring personal data outside the EU, take into
account safeguards in order to ensure compliance with the EU level of
protection of personal data.
9 The EDPB Guidelines 3/2019 on processing of personal data through video devices
These EDPB Guidelines provide guidance on
the application of the GDPR to the use of video devices for the processing of
personal data, and how controllers should comply with GDPR requirements when
using video surveillance systems for processing personal data.
10 The EDPB Guidelines 8/2020 on the Targeting of Social Media Users
These provide comprehensive guidance to
social media companies on how to comply with GDPR when using personal data for
targeted advertising purposes. They emphasize that companies must obtain valid
consent from users before collecting and processing their data, provide users
with clear information about how their data is being used, ensure that users
are able to exercise their rights under GDPR, take measures to prevent
discrimination based on protected characteristics, and regularly monitor and
evaluate their practices in order to identify any potential risks or
non-compliance issues.
So, those are the most important EDPB
Guidelines you should know about before sitting your CIPP/E Exam. There will
definitely be questions in your exam about the guidelines. Beyond being
required study material, they provide a better understanding of some of the key
issues in the GDPR and give many examples, which makes the material easy to relate to.
Because the texts are very lengthy, we have
made summaries and articles in which the essentials of the guidelines are
explained. They can be found in the EU Privacy training courses. If you are
preparing for the CIPP/E exam or a similar certification, there are training
courses for every level available on https://22academy.com/shop/.
They cover the entire curriculum and include the important information from the
EDPB Guidelines.
The original texts can be found and downloaded on
the website of the EDPB: https://edpb.europa.eu/edpb_en