Dates: 16 February 2018, 16 March 2018, 2 May 2018, 2 July 2018
Time: 12.00 - 14.00
Location: Jean-André de Motstraat 24, 1040 Etterbeek

Managers can enrol online here.

Trainings for Heads of Unit/Heads of Sector given by the EDPS in the framework of the EUSA lunch conference with the participation of Philippe Renaudiere, Data Protection Officer at the European Commission.

Subject/purpose of the training

Everyday, Heads of Units/ Heads of Sectors in the EU institutions and bodies collect, use or store (process) personal data in the course of their work. From selection and recruitment, staff appraisals, administrative inquiries, organising meetings, managing visitors to dealing with contracts, grants and tenders, personal data is everywhere!

The law applicable to the EU institutions and bodies when they process the personal data of individuals is about to change. The new Regulation will come into effect in spring 2018 (repealing Regulation (EC) 45/2001) and has implications for all those dealing with personal data in their work.

The updated rules will impose new obligations but will also remove some administrative burdens. This course aims to give you a practical overview of your obligations as Heads of Units/Heads of Sectors within the EU institutions: your institution's "accountability" in practice, how to embed data protection principles in new procedures and projects under your responsibility, what to do in case of personal data breaches, how to ensure data protection compliance in your procurement procedures and much more.

42nd Meeting of the Data Protection Officers of the EU institutions and the European Data Protection Supervisor, European Medicine Agency, London, UK.

40th Meeting of the Data Protection Officers and the European Data Protection Supervisor - European Union Intellectual Property Office, Alicante, Spain.

Have a look at our gateway to a wealth of information on a selection of subjects covered in the course of our supervision of the EU institutions and bodies.

Information and presentations from the 37th Meeting of the Data Protection Officers and the European Data Protection Supervisor held at the European Investment Bank in Luxembourg on 8 May 2015.

See also the agenda

36th Meeting of the Data Protection Officers and the European Data Protection Supervisor – Cedefop, Thessaloniki

35th Meeting of the Data Protection Officers and the European Data Protection Supervisor – Brussels, 11-13 June 2014

In October 2013, the EDPS was notified of a data security breach involving unauthorised access to an EU Agency database which is operated by an external contractor. This database contained the names and email addresses of approximately 70 individuals. The Agency asked the EDPS for advice on how best to handle this breach, and has now implemented all our suggested remedial measures. These included carrying out a full investigation with the contractor, implementing amendments to the contract, and notifying affected data subjects.

Some EU institutions may already have their own rules in place about reporting security breaches to the relevant internal departments. Whilst we welcome this type of proactive approach, we are presently unable to provide a direct or definitive instruction on any obligations to notify security breaches to the controller or the EDPS, under current data protection law. However, the contractual changes that the Agency has implemented in this particular case indicate a positive and practical approach to data breach management, by obligating contractors to promptly notify any such breaches to the controller. This will enable the Agency to deal with any future incident in a timely and effective manner.