European Data Protection Supervisor
European Data Protection Supervisor

News & Events

News & Events

DPO News and events

28/02/2014
28
Feb
2014

Vacancies

Consult our latest vacancies!

27/02/2014
27
Feb
2014

Data Security Breaches

In October 2013, the EDPS was notified of a data security breach involving unauthorised access to an EU Agency database which is operated by an external contractor. This database contained the names and email addresses of approximately 70 individuals. The Agency asked the EDPS for advice on how best to handle this breach, and has now implemented all our suggested remedial measures. These included carrying out a full investigation with the contractor, implementing amendments to the contract, and notifying affected data subjects.

Some EU institutions may already have their own rules in place about reporting security breaches to the relevant internal departments. Whilst we welcome this type of proactive approach, we are presently unable to provide a direct or definitive instruction on any obligations to notify security breaches to the controller or the EDPS, under current data protection law. However, the contractual changes that the Agency has implemented in this particular case indicate a positive and practical approach to data breach management, by obligating contractors to promptly notify any such breaches to the controller. This will enable the Agency to deal with any future incident in a timely and effective manner.

Topics:
03/02/2014
3
Feb
2014

Information note on transfers of staff data to Member States

Some Member States governments (e.g. via Permanent Representations, Embassies or directly their Ministries of Foreign Affairs) request personal data (name, grade, contact information...) of their nationals working for the institutions, bodies and agencies. In doing so, some refer to a specific legal basis, others simply ask without giving further reasons. Following several consultations on this matter, the EDPS has compiled a small note explaining to MS governments how and for which purposes such requests can be made. Please feel free to use and forward this note if you receive such requests. It is meant to explain this matter to colleagues in the national administrations, so it repeats the relevant provisions of Regulation (EC) 45/2001.

Please note that while we initially had proposed to send a letter to all MS governments explaining the issue, in the end, we decided not to do so. The main reason was that only about ten MS seem to regularly ask for this information, so there seemed to be no need to point out this possibility to all the others.

30/01/2014
30
Jan
2014

Reply to the update of notification on the CDR at the European Commission

Reply to the update of notification on the CDR at the European Commission - further use of an unsatisfactory CDR for blocking advancement in step – 2013 review of the Staff Regulations

28/11/2013
28
Nov
2013

New Staff Regulations: what this implies in terms of consultations to the EDPS and notifications for prior checking

The modification of the Staff Regulations may imply certain changes to existing administrative decisions or the adoption of new administrative rules.
In this regard we would like to remind you of our policy on consultations which provide that in principle it is the DPO who is to be involved in the revision of administrative decisions unless there is a novel or complex issue.

As for prior check notifications, we would like to use this occasion to remind you of the procedure for an update of an existing notification (preferably one clean version and a mark-up version indicating the changes). Such an update only needs to be made in case of a change with regard to the protection of personal data. There should also be a cover letter from the DPO describing the main changes.

27/11/2013
27
Nov
2013

Call for interest

As presented on the occasion of the last DPO meeting, the EDPS is currently considering options regarding the information to be provided to third parties mentioned in complaints (as a reminder, please see the illustration slide attached). Such information is important as it guarantees the fairness of the processing, a concept which is broader than the mere right of defence. It raises the issue of the concept of personal data, the definition of processing, the limits of Article 12 and the restrictions provided in Article 20. It is also very relevant for us in any complaint handling work – including the complaint handling work of your institution/body!

Please help us to find a "pragmatism by design" approach to the topic and signal your interest in participating in an EDPS Working Group on the issue to ute.kallenberger@edps.europa.eu

21/11/2013
21
Nov
2013

34th Meeting of the Data Protection Officers and the European Data Protection Supervisor

34th Meeting of the Data Protection Officers and the European Data Protection Supervisor – Brussels, 21-22 November 2013

Draft agendaPDF icon
Data Protection Case LawPDF icon
Conflicts of interestPDF icon
The transfer of personal data to third countries and international organisations by EU institutions and bodiesPDF icon
19/09/2013
19
Sep
2013

EU websites and professional use of mobile devices workshops

EU websites and professional use of mobile devices workshops – Brussels – Agenda will follow
EU institutions websites workshopPDF icon
Mobile devices workshopPDF icon
12/06/2013
12
Jun
2013

Workshop on e-Communication

A workshop on e-Communications was organised by EDPS in Brussels.

Please find here the presentations made on that occasion:

Policy and PrinciplesPDF icon
InternetPDF icon
Phone CommunicationsPDF icon
E-mailsPDF icon
17/04/2013
17
Apr
2013

Basic Training for DPOs

A basic training for DPOs took place at EDPS in Brussels.
Please find here the presentations made on that occasion:

Basic principles of the Regulation 45/2001 ECPDF icon
Rights of data subjectsPDF icon
Privacy statementPDF icon
Privacy statement - 360 degree feedback surveyPDF icon
Privacy statement - CCTV policyPDF icon
Privacy statement - Return to Work ProtocolPDF icon
DPO duties, prior checking procedure, EDPS online guidance, compliance toolsPDF icon
How to fill in a notification formPDF icon
28/02/2013
28
Feb
2013

DPO Meeting

The next DPO meeting will be hosted by the European Monitoring Centre for Drugs and Drug Addiction in Lisbonand is planned for 28 February - 1st March 2013

29/11/2012
29
Nov
2012

DPO Meeting

The next DPO meeting will be hosted by the European Central Bank (ECB) in Frankfurt and is planned for 29/30November 2012

Pages