Article 70 GDPR
The tasks of the European Data Protection Board

1. The European Data Protection Board shall ensure the consistent application of this Regulation. To this end, it shall, on its own initiative or, where appropriate, at the request of the Commission, take the following actions in particular:

(a) monitor and ensure the proper application of this Regulation in the cases referred to in Articles 64 and 65, without prejudice to the tasks of national supervisory authorities;

(b) advise the Commission on matters relating to the protection of personal data in the Union, including on any proposed amendments to this Regulation;

(c) advise the Commission on the format and procedures for exchanging information between administrators, processors and supervisory authorities for the purposes of binding corporate rules;

(d) issues guidelines and recommendations and establishes best practices regarding the removal from publicly available communication services of links to personal data, copies of such data, or replicas thereof, as referred to in Article 17(2);

(e) examine, on its own initiative or at the request of one of its members or the Commission, any matter relating to the application of this Regulation and issue guidelines, recommendations and best practices to encourage the consistent application of this Regulation;

(f) issue guidelines, recommendations, and identify best practices in accordance with subparagraph (e) of this paragraph, in order to clarify, for the purposes of Article 22(2), the criteria and requirements for decisions based on profiling;

(g) issue guidelines, recommendations, and establish best practices in accordance with subparagraph (e) of this paragraph regarding the determination of a personal data breach and the definition of undue delay within the meaning of Article 33(1) and (2), as well as the specific circumstances in which a controller or processor is required to notify a personal data breach;

(h) issue guidelines, recommendations, and establish best practices in accordance with subparagraph (e) of this paragraph, indicating the circumstances under which a personal data breach may result in a high risk to the rights or freedoms of natural persons within the meaning of Article 34(1);

(i) issue guidelines, recommendations, and best practices in accordance with subparagraph (e) of this paragraph to clarify the criteria and requirements for the transfer of personal data based on binding corporate rules applied by controllers and binding corporate rules applied by processors, and other necessary requirements to ensure the protection of the personal data of data subjects in accordance with Article 47;

(j) issues guidelines, recommendations, and best practices in accordance with subparagraph (e) of this paragraph to clarify the criteria and requirements for the transfer of personal data pursuant to Article 49(1);

(k) develop guidelines for supervisory authorities on the application of the measures referred to in Article 58(1), (2), and (3), and on the determination of the amount of administrative fines in accordance with Article 83;

(l)

*

reviews the practical application of guidelines, recommendations, and best practices;

(m) issue guidelines, recommendations, and establish best practices in accordance with subparagraph (e) of this paragraph, in order to establish, for the purposes of Article 54(2), common procedures for handling reports by natural persons of infringements of this Regulation;

(n) encourages the development of codes of conduct and the establishment of certification mechanisms in the field of data protection, as well as quality labels and marks in this field, in accordance with Articles 40 and 42;

(o)

**

approves the certification criteria in accordance with Article 42(5) and maintains a public register of certification mechanisms and quality marks and labels in the field of data protection in accordance with Article 42(8), as well as of controllers or processors certified in accordance with Article 42(7) that are established in third countries;

(p)

***

approve the requirements referred to in Article 43(3) for the accreditation of the certification bodies referred to in Article 43;

(q) provides the Commission with an opinion on the certification requirements referred to in Article 43(8);

(r) provides the Commission with an opinion on the graphic symbols referred to in Article 12(7);

(s) provide the Commission with an opinion for the purpose of assessing whether the degree of protection in a third country or international organization is adequate, including for the purpose of assessing whether the third country, territory, specified sector(s) in that third country or international organization has ceased to provide an adequate degree of protection. To this end, the Commission shall make available to the European Data Protection Board all necessary documentation, including correspondence with the government of a third country with respect to that third country, territory or specified sector, or correspondence with an international organization;

(t) issue opinions on draft decisions submitted by supervisory authorities in accordance with the consistency mechanism referred to in Article 64(1), on matters referred to it in accordance with Article 64(2), and issue binding decisions in accordance with Article 65, including on matters referred to in Article 66;

(u) promote cooperation and effective bilateral and multilateral exchange of information and good practices between supervisory authorities;

(v) disseminate joint training programmes and facilitate staff exchanges between supervisory authorities and, where appropriate, with supervisory authorities of third countries or international organisations;

(w) promote the exchange of knowledge and documents on data protection legislation and practices with supervisory authorities responsible for data protection worldwide;

(x) issues opinions on codes of conduct developed at the Union level in accordance with Article 40(9); and

(y) maintain a publicly available electronic register of decisions taken by supervisory authorities and court rulings in cases under the Cohesion Mechanism.

2. If the Commission asks the European Data Protection Board for a consultation, it may, depending on the urgency of the matter, indicate a deadline for a response.

3. The European Data Protection Board shall provide its opinions, guidelines, recommendations, and best practices to the Commission and to the committee referred to in Article 93, and shall make them publicly available.

4. The European Data Protection Board shall, where appropriate, consult the parties concerned and give them the opportunity to submit comments within a reasonable time. Without prejudice to Article 76, the European Data Protection Board shall make the results of the consultation procedure publicly available.