The 5th EDPD Plenary Session took place last week on 4 and 5 December 2018.  Main points of the agenda included the EU-Japan draft adequacy decision, the adoption of opinions on the Data Protection Impact Assessment (DPIA) lists submitted by Denmark, Croatia, Luxembourg and Slovenia, and the revision of the Article 29 Working Party guidelines on accreditation.

1. Concerning the EU-Japan draft adequacy decision, the Board adopted an opinion on the decision assessing whether or not the Commission ensured adequate data protection for individuals.  While recognising efforts made by both the Japanese PPC and the European Commission, it pointed out that there are still a number of concerns to be considered with respect to the protection of personal data transferred from the EU to Japan and has therefore recommended that the European Commission address a number of requests for clarification posed by the EDPD.
2. Concerning the DPIA lists, the Board adopted the lists submitted by Denmark, Croatia, Luxembourg and Slovenia, forming an integral step in the consistent application of the GDPR across European states.  The DPIA process in fact allows for the identification and mitigation of data protection risks where national supervisory authorities establish and generate a list of all the kinds of processing operations that require a DPIA.
3. With respect to the Guidelines on accreditation (Article 43 GDPR), the Board finalised and adopted revised Article 29 Working Party guidelines on accreditation which were submitted for public consultation. These guidelines provide guidance on the interpretation and implementation of Article 43 of the GDPR.  The guidelines have been completed with an annex that will be subject to public consultation.

The complete EDPB press release on the Plenary Session can be found here.