The European Commission – Data Protection links to the Article 29 Working Party Guidelines which supplement our understanding of GDPR:

• Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 (wp251rev.01)
• Guidelines on Personal data breach notification under Regulation 2016/679 (wp250rev.01)
• Guidelines on the application and setting of administrative fines (wp253). In multiple language versions.
• Guidelines on Transparency under Regulation 2016/679 (wp260) [adopted, but still to be finalized]
• Guidelines on Consent under Regulation 2016/679 (wp259) [adopted, but still to be finalized]
• Guidelines on the Lead Supervisory Authority (wp244rev.01)
• Guidelines on Data Protection Officers (‘DPOs’) (wp243rev.01)
• Guidelines on the right to “data portability” (wp242rev.01)
• Guidelines on Data Protection Impact Assessment (DPIA) (wp248rev.01)

Additional “News” from the Art. 29 WP may be found here. Despite prominence on the Commission’s website, the Commission stated on December 12th, 2017 that the Art. 29 WP does not speak for the Commission (see here). Guidance, opinions and other statements of the Art. 29 WP are generally given a great deal of attention by those affected by GDPR because it is composed of the following:

• A representative of the supervisory authority(ies) designated by each EU country;
• A representative of the authority(ies) established for the EU institutions and bodies;
• A representative of the European Commission.

On March 27, 2018, the Commission posted a new link to the Article 29WP archives from 1997 to November 2016.

If you have questions on this topic, please reach out to one of our Global Privacy & Security Blog authors.