The EDPS, like other EU institutions, bodies, agencies and offices (EU institutions), may process your personal data (also known as personal information) for a number of reasons, from dealing with public requests for information, staff matters, visitor information to the handling of complaints to name but a few.
All EU institutions, including the EDPS, are obliged to comply with the data protection law specifically applicable to them.
In addition to specifying the legal principles for processing personal data, the law provides that each EU institution must appoint at least one Data Protection Officer (DPO).
The task of the DPO is to ensure, in an independent manner, that the data protection law is applied in the institution.
The DPO is also required to keep a register of all the operations that involve the processing (collection, use and/or storage) of your personal data carried out by the institution.
The register has to be publicly accessible and must contain information explaining the purpose and conditions of the processing operations.
The role of the DPO at the EDPS presents many challenges: being independent within an independent institution, meeting the high expectations of colleagues who are particularly aware and sensitive about data protection issues, and delivering solutions that can serve as benchmarks for other institutions.
The EDPS’ own rules on the role of the DPO and how to implement the law reflect these specificities and take into account both the EDPS Position paper and the DPO Network Paper on Professional Standards for Data Protection Officers.
The existing data protection rules applicable to the EU institutions are being reformed to be brought in line with the General Data Protection Regulation. The new rules aim to make the EU institutions more accountable in the way they process personal data. In preparation for this, we have launched our own accountability project.
Data Protection Officer
When your personal information is processed by the EDPS (or any EU institution), you have the right to know about it.
You have the right to access the information and have it rectified without delay if it is inaccurate or incomplete.
You can ask to have it blocked under certain circumstances.
You can also object to it being processed if you think the processing is unfair and unlawful and ask for it to be deleted.
You can request that any of the above changes be communicated to other parties to whom your data have been disclosed.
You have also the right not to be subject to automated decisions (made solely by machines) affecting you, as defined by law.
These rights are outlined in Articles 13 to 19 of the current data protection Regulation 45/2001.
You can also read our factsheet for more information.
For more information about how the EDPS uses your personal data, for example when you visit our website or engage with us on social media, please go to our data protection notice page.