Below is a summary of the Articles in the GDPR text regarding the EDPB:
• GDPR Article 68 establishes the European Data Protection Board and contains some general rules regarding the composition and functioning of it.
• GDPR Article 69 emphasizes the independence of the European Data Protection Board, adding that in the performance of its tasks and exercise of its powers it doesn’t seek nor take instructions for anyone.
• GDPR Article 70, as mentioned, describes the many tasks of the European Data Protection Board and it’s a pretty long list so do check it out indeed.
• GDPR Article 71 is about the duty of the EDPB to make an annual report on, among others, the personal data protection of data subjects where processing happens in the EU and, where relevant outside of the EU. The report is public.
• GDPR Article 72 simply says that when the EDPB takes decisions, normally it’s by a simple majority of its members and in some cases by a two-thirds majority.
• GDPR Article 73 says that, again via a simple majority vote, each five years the European Data Protection Board elects a chair and two deputy chairs. These have to be members of the board and can only be re-elected once (so never one person more than 10 years).
• GDPR Article 74 expands on what the tasks of the chair of the European Data Protection Board are with, on top of a list of tasks the additional stipulation that the allocation of tasks that need to be executed by the chair and deputy chairs must be in the rules of procedure.
• GDPR Article 75 then talks about the secretariat of the European Data Protection Board and some rules regarding it (including its tasks).
• GDPR Article 76, finally, provides a few words on confidentiality in the scope of discussions of the EDPB and access to documents.
There are several other places where the European Data Protection Board, a.k.a. ‘The Board’ is mentioned in the text, when in the scope of a specific Article it has a role to play.