OneTrust GDPR Deep Dive Series Chapter 7: Cooperation and Consistency

Chapter 7 establishes the European Data Protection Board (EDPB), outlines communication and despite resolutions processes, and enables a consistent approach to data processing regulations cross the European Union (EU).

The most significant aspect of the chapter is the creation of the EDPB serving as a centralised body for data protection in the EU. It is comprised of one Data Protection Authority (DPA) from each Member State, the European Data Protection Supervisor (EDPS), and a non-voting representative from the European Commission. The EDPS can only vote on dispute resolution decisions if they pertain to the principles and rules of EU institutions, which relate substantively to the GDPR.

The powers and authorities of the EDPB, as outlined in this chapter, include:

  • Ensuring consistent application across Member States
  • Advising the European Commission on data protection and on future amendments to the GDPR
  • Issuing guidance or best practices on erasure of links or copies of personal data from publicly available communication services
  • Determining what constitutes personal data breaches and undue delay of breach notification
  • Accrediting certification bodies and outlining data protection certification mechanisms
  • Defining 3rd country protection adequacies

Another key component in Chapter 7 is the establishment of baselines for the consistent application of the GDPR throughout the Union, or a consistency mechanism, according to Article 63. This mechanism will help organisations who operate across Member States’ jurisdictions manage data protection inconsistencies should they arise. If a DPA, for example, wants to make changes to data protection guidelines and best practices at the Member State level, they must submit those changes to the EDPB for approval and reduce ad hoc adjustments.

While the inclusion of the EDPB as an additional step in the process could slow down dispute resolutions or adjudication, it will enable transparent lines of communications between DPAs and European institutions and bodies, while ensuring consistent application of the GDPR throughout the Union.

Chapter 7 Sections, Articles & Descriptions

Section 1 –– Cooperation

Article 60: Cooperation between the lead supervisory authority and the other supervisory authorities concerned

Article 61: Mutual assistance

Article 62: Joint operations of supervisory authorities

Section 2 –– Consistency

Article 63: Consistency mechanism

Article 64: Opinion of the Board

Article 65: Dispute resolution by the Board

Article 66: Urgency procedure

Article 67: Exchange of information

Section 3 –– European data protection board

Article 68: European Data Protection Board

Article 69: Independence

Article 70: Tasks of the Board

Article 71: Reports

Article 72: Procedure

Article 73: Chair

Article 74: Tasks of the Chair

Article 75: Secretariat

Article 76: Confidentiality


GDPR will come into effect on May 25, 2018, and OneTrust believes that every global organization should start considering how to best implement efficient and effective data-handling practices that are replicable and consistent. The GDPR Deep Dive Series delves into each chapter of the GDPR to summarize key takeaways of the new governance in an easy-to-digest format. It is intended to help privacy executives with implementation and operationalization of GDPR regulations, and will be published bi-weekly on our blog.