At its plenary meeting this month, the WP29 adopted the final version of its Data Protection Impact Assessment (DPIA) guidelines.

It also adopted draft guidelines on data breach notification and profiling, and administrative fines, which will be open for public consultation for 6 weeks before their final adoption. The guidelines are expected to be published shortly on the European Commission’s WP29 webpage.

Each WP29 subgroup provided a state of play of its work on the WP29’s priorities on the GDPR, including guidelines on consent, transparency, and update of data transfer tools which are to be adopted between November 2017 and February 2018.

On certification, the discussions are continuing and the guidelines should be proposed for adoption at the February 2018 WP29 plenary.

The WP29 also worked on the organization and structure of the EDPB and of the cooperation system to be ready for May 2018.