Is the article 29 working party guidance still valid under the GDPR?
Asked by: Mr. Coty Gerlach | Last update: March 31, 2026Score: 4.1/5 (40 votes)
Yes, much of the Article 29 Working Party (WP29) guidance remains relevant and valid under the GDPR, especially documents the European Data Protection Board (EDPB) endorsed, but it's a case-by-case assessment for non-endorsed documents, as the EDPB (which replaced WP29) now issues updated guidance. Endorsed WP29 documents are directly helpful, while others are still useful if compatible with GDPR and not superseded, requiring you to check if the EDPB has issued newer guidance on the topic.
What is Article 29 of the GDPR?
Article 29Processing under the authority of the controller or processor. The processor and any person acting under the authority of the controller or of the processor, who has access to personal data, shall not process those data except on instructions from the controller, unless required to do so by [F1domestic law].
What is the Article 29 Working Party?
The EU Article 29 Working Party was set up under Article 29 of eu directive 95/46/EC. It is an advisory body on data protection and helps to develop harmonised policies for data protection in the EU member states.
What is the WP29 DPO guidance?
Group companies can appoint a single DPO provided he or she is easily accessible from each establishment (Article 32(2)). The WP29 recommends, where feasible, that the DPO be located within the EU, whether or not the controller or processor is established within the EU.
What is the new GDPR 2025?
The Data (Use and Access) Act 2025 (“ DUAA ”, “the Act”) received Royal Assent on 19 June 2025. This is a wide-ranging Act which includes provisions to enable the growth of digital verification services, new Smart Data schemes like Open Banking and a new National Underground Asset Register.
Mastering DPIA: Insights from EDBP WP 29 Guidelines for GDPR Compliance: wp248 | Unofficial
What are the four new additional rights under GDPR?
The rights of the individual:
Data Portability (NEW) Objection –Absolute for direct marketing (NEW) Restrict processing (put on hold) Automated decisions and profiling.
Does GDPR still apply?
Does the GDPR still apply? The EU GDPR is an EU Regulation and it no longer applies to the UK. If you operate inside the UK, you need to comply with the Data Protection Act 2018 (DPA 2018) and UK GDPR. The provisions of the EU GDPR have been incorporated directly into UK law as the UK GDPR.
Is article 29 still active today?
29 WP was set out in Article 29 of the Data Protection Directive (Directive 95/46/EC), and it was launched in 1996. It was replaced by the European Data Protection Board (EDPB) on 25 May 2018 in accordance with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).
Does GDPR apply to US citizens?
Enacted by the European Union (EU), the General Data Protection Regulation is often mistakenly thought of as a set of rules that only apply within Europe. However, this couldn't be further from the truth. A common question many U.S. businesses have is: Does GDPR apply to us? The answer, in many cases, is yes.
What is Article 29 of the DPIA?
The Article 29 working party of EU data protection authorities (WP29) published guidelines with nine criteria which may act as indicators of likely high risk processing: Evaluation or scoring. Automated decision-making with legal or similar significant effect. Systematic monitoring.
What is the main purpose of article 29?
Article 29 reminds us that the individual has not only rights but also duties (Paragraph 1), and that limitations on rights not only may (Paragraph 2) but also must (Paragraph 3) be drawn.
What is the difference between GDPR and EU GDPR?
Differences: Legal Framework: The EU GDPR is an EU regulation that applies to all EU member states. In contrast, the UK GDPR is the data protection law specific to the United Kingdom. This distinction in legal frameworks necessitates compliance with different regulations depending on the jurisdiction.
What is the WP29?
The Working Party on the Protection of Individuals with regard to the Processing of Personal Data, generally known as Article 29 Working Party (WP29), is the independent European Union Advisory Body on Data Protection and Privacy, composed of representatives from each of the EU Member States, the European Data ...
Is Article 29 legally binding?
Although its views are not legally binding, they are strongly indicative of the way in which EU data protection law is likely to be enforced.
Does Article 29 apply to all companies?
Article 29 applies to a broad set of financial actors, including asset managers, insurance companies, pension funds, and institutional investors operating in France.
How is the GDPR different in Europe and the US?
Key Differences Between GDPR and U.S. Data Privacy Laws. The regulatory approaches to data privacy in the EU and the U.S. diverge considerably, with the EU adopting a comprehensive framework through the GDPR, while the U.S. relies on a patchwork of sector-specific and state-level laws.
What is the closest law to GDPR in the USA?
The US equivalent of the GDPR is the CCPA or California Consumer Privacy Act. It was inspired by the GDPR, and both laws protect the personal data of consumers.
Who does the GDPR not apply to?
Some of the key exemptions from GDPR compliance include personal or household activities, government agencies and law enforcement, and the processing of personal data by Member States.
Who is exempt from GDPR?
Some of the most common exemptions include businesses that do not process personal data of living persons, businesses that have no connection with the European Union, derogations for businesses with less than 250 employees, or data processing primarily for personal/household activities.
What is article 29 data protection working party?
29 Working Party. The EDPB replaces the Article 29 Working Party (Art. 29 WP), established by Directive 95/46/EC and that dealt with issues relating to the protection of privacy and personal data until 25 May 2018 (entry into application of the GDPR).
What is Article 29 simplified?
Article 29, Constitution of India 1950
(2) No citizen shall be denied admission into any education institution maintained by the State or receiving aid out of State funds on grounds only of religion, race, caste, language or any of them.
What is Article 29 of the UN Convention on the rights of Persons with Disabilities?
Article 29 sets out the framework for persons with disabilities' participation in political and public life and stipulates that state parties shall “guarantee to persons with disabilities political rights and the opportunity to enjoy them on equal basis with others.” To achieve this, state parties should: ensure that ...
Does the GDPR apply to US citizens?
However, it does apply to United States Citizens when they provide data to the University while temporarily located in the EU. At a high level, GDPR addresses the following requirements: Data processing must be lawful, meaning that one of the following apply: Consent for processing was obtained from the individual(s)
What is the GDPR update 2025?
The Data (Use and Access) Act 2025 (Act) received Royal Assent in June 2025 and will enter into force in stages over the next year. The Act reforms the UK GDPR, Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003 (PECR).
When did GDPR stop?
The GDPR post-Brexit
Although the United Kingdom (UK) formally withdrew from the European Union (EU) on 31 January 2020, it remained subject to EU law, including the General Data Protection Regulation (EU GDPR), until the end of the transition period on 31 December 2020.