Overview

This article requires the European Data Protection Board (EDPB) to elect a Chair and two Deputy Chairs by simple majority. The Chair and Deputies serve a five-year term, which is renewable once, and are responsible for leading and representing the Board in its activities and communications.

Key Principles

  • Leadership: The Chair leads the Board and ensures effective governance.

  • Representation: Represents the Board in interactions with EU institutions, supervisory authorities, and stakeholders.

  • Election Process: Chair and Deputy Chairs are elected by simple majority of Board members.

  • Term Limits: Five-year term, renewable once, ensuring continuity and accountability.

  • Succession Planning: Deputy Chairs support the Chair and provide continuity in leadership.

Organizational Applicability

This article applies to:

  • The European Data Protection Board and its members.

  • Teams supporting the Chair and Deputies in governance and operational tasks.

  • Supervisory authorities and EU institutions interacting with Board leadership.

Implementation Requirements

  • Conduct elections for Chair and two Deputy Chairs by simple majority.

  • Establish terms of five years, renewable once, for each leadership position.

  • Assign responsibilities for leading, representing, and coordinating Board activities.

  • Document election procedures, terms, and roles for accountability.

Implementation Guidance

  • Maintain clear election procedures and voting guidelines.

  • Train Board members and Secretariat staff on leadership roles and responsibilities.

  • Ensure succession planning and role clarity for Chair and Deputies.

  • Periodically review leadership effectiveness and compliance with term limits.

Periodic Review

  • Frequency: Every five years or upon elections.

  • Responsible Role: EDPB members, Board Secretariat, Compliance Teams.

  • Outcome: Ensure leadership positions are filled effectively, represent the Board appropriately, and comply with GDPR governance requirements.

Non-Compliance Risks

  • Fines: Up to €20 million or 4% of global annual turnover for supervised entities.

  • Legal Exposure: Challenges to Board decisions if leadership is not properly elected.

  • Reputational Damage: Loss of confidence in the Board’s governance and representation.

  • Operational Risk: Ineffective leadership may hinder decision-making, coordination, and GDPR enforcement.