European Data Protection Supervisor
European Data Protection Supervisor

Administrative Measures

Administrative Measures

In line with the principle of accountability, EU institutions with the support of their DPOs are primarily responsible for complying with their data protection obligations.

To support them, the EDPS provides guidance on how to be compliant and we make sure that the rules are applied as they should be; our approach is to trust and verify.

When complex or novel issues arise, we will offer advice as necessary to guide and navigate through the complexities to ensure compliance.

Article 57(1)(g) of Regulation (EU) 2018/1725 outlines that EU institutions and DPOs can consult the EDPS for advice when drawing up measures or internal (administrative) rules that involve the processing of personal information, if they are complex or may pose risks to the rights and freedoms of individuals.

In any case, the EU institutions are obliged to inform or consult the EDPS when they adopt administrative rules that involve the processing of personal data (Article 41 of the Regulation (EU) 2018/1725) regardless of the level of risk.

We have issued a policy paper to guide EU institutions and bodies as to when they must consult us.

Our Opinions on administrative consultations have covered a diverse range of subjects such as the publication of personal data on the internet, the use of email in the workplace, the transfers of personal data to non-EU countries and the billing of individual users for non‑work related phone calls.

Not all of our replies to consultations are made public; those that we believe are useful for other institutions and the persons affected are published on this website.

In addition, some of the measures we are consulted on are sensitive and must therefore be treated confidentially.


Filters

Pages

23/01/2017
23
Jan
2017

Ombudsman's policy on the third party data subject policy (consultation and exemption under Article 12(2) of Regulation 45/2001)

Letter of 23 January 2017 to Data Protection Officer of the European Ombudsman relating to the Ombudsman's third party data subject policy (Case 2016-0692)

10/03/2016
10
Mar
2016

Use of a US-based company for sending out alerts and newsletters - EEAS

Letter on the use of a US-based company for sending out alerts and newsletters at the European External Action Service (Case 2015-1122)

20/04/2015
20
Apr
2015

Conflicts of interest of members of expert groups in a personal capacity - EC

Letter regarding the consultation under Article 46(d) on managing conflicts of interest of members of expert groups in a personal capacity (Case 2015-0144)

09/01/2014
9
Jan
2014

Data breach involving the mass disclosure of e-mail addresses

Letter regarding the consultation under Article 46(d) on the notification of a data breach involving the mass disclosure of e-mail addresses (Case 2013-1337)

20/09/2013
20
Sep
2013

Public access request to a list of gifts received by ECB members of staff

Answer concerning public access request to a list of gifts received by ECB members of staff (Case 2013-0550)

09/04/2013
9
Apr
2013

Transfer of staff data to Permanent Representations - Research Executive Agency

Answer to a consultation regarding transfer of staff data to Permanent Representations (Case 2013-0147)

23/10/2012
23
Oct
2012

Work life balance for women members of the European Parliament

Consultation concerning the processing covering the Work life balance for women members of the European Parliament (Case 2012-0770)

23/07/2012
23
Jul
2012

Données médicales de candidats d'embauche entre les institutions - EC

Réponse concernant le projet de conclusion des Chefs d'Administration relatif au transfert des données médicales de candidats d'embauche entre les institutions (Dossier 2012-0495)

16/07/2012
16
Jul
2012

Model Data Protection Clauses - OLAF

Answer to a consultation on OLAF revised Model Data Protection Contractual Clauses to be used in Administrative Cooperation Agreements (ACAs) concluded with third country authorities or international organisations (Case 2012-0086)

Answer of 3 April 2012 to a consultation on OLAF revised Model Data Protection Contractual Clauses to be used in Administrative Cooperation Agreements (ACAs) concluded with third country authorities or international organisations (Case 2012-0086)

Answer of 16 July 2012PDF icon
Answer of 3 April 2012PDF icon
01/03/2012
1
Mar
2012

Billing individual users of fixed phone calls made for non-work related purposes - EFSA

Answer to Data protection officer of the European Food Safety Authority concerning EFSA policy for billing individual users of fixed phone calls made for non-work related purposes

08/02/2012
8
Feb
2012

Publication on the Internet of the official directory of the agents of European institutions of bodies

Answer regarding the publication on the Internet of the official directory of the agents of European institutions of bodies

17/02/2011
17
Feb
2011

Publication of employees' pictures on the Intranet - Committee of the Regions

Answer to a consultation regarding publication of employees' pictures on the Intranet of the Committee of Regions (Case 2010-0721)

21/12/2010
21
Dec
2010

Transfer of personal data to American Express Corporate Travel SA (AMEX) - EFSA

Answer to a consultation regarding transfer of personal data of EFSA external experts by EFSA to American Express Corporate Travel SA (AMEX). (Case 2009-390)

04/10/2010
4
Oct
2010

International transfers: application of Article 9 of Regulation 45/200

Letter to Data Protection Officer of the European Aviation Safety Agency concerning international transfers

30/07/2010
30
Jul
2010

Confidentiality of informants' identity

Letter to the European Ombudsman regarding request for access to documents

26/03/2010
26
Mar
2010

IT administrator rights - EIB

Recommendations of the EDPS on a consultation regarding the management of IT administrator access to personal data stored in IT systems and applications

03/03/2010
3
Mar
2010

Recording activities - European Economic and Social Committee

Observations of the EDPS regarding the draft regulation on recording activities at the EESC

01/02/2010
1
Feb
2010

Policy on the internal use of e-mail - European Commission

EDPS Comments on the Commission policy on the internal use of e-mail

Follow-up letter of 12 July 2010PDF icon
28/01/2010
28
Jan
2010

Publication des soldes de points dans le cadre d'un exercice de promotion

Lettre concernant la publication des soldes de points dans le cadre d'un exercice de promotion par le CESE

08/12/2009
8
Dec
2009

Personal files at ETF

Analysis of the EDPS on a consultation on personal files

Pages