Data protection impact assessment Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679 (WP 248 rev.01)
Position Paper on the derogations from the obligation to maintain records of processing activities pursuant to Article 30(5) GDPR → .pdf
Working Document Setting Forth a Co-Operation Procedure for the approval of “Binding Corporate Rules” for controllers and processors under the GDPR (WP 263 rev.01) → .pdf
Recommendation on the Standard Application for Approval of Controller Binding Corporate Rules for the Transfer of Personal Data (WP 264) → .doc
Recommendation on the Standard Application form for Approval of Processor Binding Corporate Rules for the Transfer of Personal Data (WP 265) → .pdf
Working Document setting up a table with the elements and principles to be found in Binding Corporate Rules (WP 256 rev.01) → .pdf
Working Document setting up a table with the elements and principles to be found in Processor Binding Corporate Rules (WP 257 rev.01) → .pdf