Print

News & Events

DPO News and events

4
Jun
2021

49th Virtual Meeting of the Data Protection Officers and the EDPS

49th Meeting of the Data Protection Officers of the EU institutions and the European Data Protection Supervisor, virtual meeting.

Blogpost by EDPS Director Leonardo Cervera Navas.

Agenda
Available languages: English
Workshop data breach notification guidelines
Available languages: English
Workshop data breaches notifications summary
Available languages: English
Presentation: software alternatives
Available languages: English
Presentation: International Transfers and Cloud Services
Available languages: English
Data Protection Impact Assessment (DPIA), Part 1
Available languages: English
Data Protection Impact Assessment (DPIA), Part 2
Available languages: English
Workshop on EDPS-DPOs cooperation
Available languages: English
Conclusions
Available languages: English
28
Apr
2021

Remote audit on Article 25

Regarding the remote audit on Article 25 (case 2021-0165) launched on 13 April 2021, WORD version of Annex 4 and Annex 5 of the Announcement Letter are available below.

Fundamental rights, enshrined in the Charter of Fundamental Rights of the European Union (‘Charter’), constitute the core values of the European Union. The conditions for possible limitations on the exercise of fundamental rights are of utmost importance, because they determine the extent to which the rights can effectively be enjoyed. Article 52(1) of the Charter states that any limitation on the exercise of the right to personal data protection (Article 8 of the Charter) must be necessary for an objective of general interest or to protect the rights and freedoms of others. In matters relating to the operation of the Union institutions and bodies (`EUIs´), Article 25 of Regulation (EU) 1725/2018 (`Regulation´) states that Internal Rules may restrict the application of data subjects´ rights, when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society to safeguard a certain number of legally protected interests. 

 

This remote audit aims at understanding how EUIs have taken into account the recommendations issued by the EDPS when drafting their Internal Rules. It further looks into the application of these Internal Rules in practice by examining actual cases of EUIs restricting data subjects´ rights. In assessing compliance, the EDPS takes into account in particular the EDPS Guidance on Article 25 of the Regulation of June 2020 (‘EDPS Guidance’).

The decision to carry out a remote audit on these topics was determined by taking into account the following points:

  • The fact that decisions under Article 25 of the Regulation restrict fundamental rights, i.e. represent a high impact on data subjects;
  • The high number EUIs concerned gives a horizontal view on a topic that has proven to be contentious, in particular in complaints relating to access requests under Article 17 of the Regulation.

Like any audit, this audit has been a learning exercise for the EDPS, which may in turn lead the EDPS to update existing guidance in due time. Against this background, this general report is published with a view to reporting on the overall results of the audit and providing guidance to all EUIs on best practices identified during the exercise.

 

Annex 4
Available languages: English
Annex 5
Available languages: English
Audit Report
Available languages: English
21
Dec
2020

48th Virtual Meeting of the Data Protection Officers and the EDPS

48th Meeting of the Data Protection Officers of the EU institutions and the European Data Protection Supervisor, virtual meeting.

Agenda
Available languages: English
S&E priorities
Available languages: English
EDPS strategy
Available languages: English
EDPB supplementary measures
Available languages: English
Technology, challenges
Available languages: English
8
May
2020

47th Virtual Meeting of the Data Protection Officers and the EDPS

47th Meeting of the Data Protection Officers of the EU institutions and the European Data Protection Supervisor, virtual meeting.

Agenda
Available languages: English
Public Communication
Available languages: English
Use of social media by EU institutions and bodies
Available languages: English
Monitoring social media - risks
Available languages: English
Use of social media - technical aspects mitigating measures, privacy friendly social networks
Available languages: English
Registers - best practices findings when inspecting
Available languages: English
Microsoft findings and recommendations
Available languages: English
Covid-19 and data protection
Available languages: English
18
Feb
2020

Trainings on Regulation (EU) 2018/1725 for EUI's controllers

New thematic trainings in light of Regulation (EU) 2018/1725 for EUI's controllers at the European School of Administration (EUSA), Brussels:

You may enrol on EU learn.

  • 18 February: controllers-processors / joint controllership
  • 26 February: events management
  • 4 March: controllers-processors / joint controllership (EUSA in Luxembourg!)
  • 10 March: controllers-processors / joint controllership
  • 1 July: Data protection in procurement and outsourcing processing of personal data
  • 14 September: Arrangements with processors and how to use in practice SCCs for processors adopted by the EDPS
  • 20 October: Transfers of data, in particular international transfers
  • 18 November: International transfers