The EU body responsible for the application of the GDPR, the EDPB (which replaces the Article 29 Working Party), has published its first round of guidance and direction documents.

Guidelines on derogations in the context of international data transfers provides insight into Article 49 of the GDPR; namely the correct application of exemptions from the general principle that personal data may only be transferred to countries outside of the EEA if an adequate level of data protection is provided for, or if appropriate safeguards have been implemented.

The EDPB has also published Guidelines on certifications under the GDPR which outline the requirements and rationale for certification mechanisms issued in accordance with Article 42 and 43 of the GDPR.