European Data Protection Supervisor
European Data Protection Supervisor

Administrative Measures

Administrative Measures

In line with the principle of accountability, EU institutions with the support of their DPOs are primarily responsible for complying with their data protection obligations.

To support them, the EDPS provides guidance on how to be compliant and we make sure that the rules are applied as they should be; our approach is to trust and verify.

When complex or novel issues arise, we will offer advice as necessary to guide and navigate through the complexities to ensure compliance.

Article 46(d) of Regulation (EC) No 45/2001 outlines that EU institutions and DPOs can consult the EDPS for advice when drawing up measures or internal (administrative) rules that involve the processing of personal information, if they are complex or may pose risks to the rights and freedoms of individuals.

In any case, the EU institutions are obliged to inform the EDPS when they adopt administrative rules that involve the processing of personal data (Article 28(1) of the Regulation (EC) No 45/2001) regardless of the level of risk.

We have issued a policy paper to guide EU institutions and bodies as to when they must consult us.

Our Opinions on administrative consultations have covered a diverse range of subjects such as the publication of personal data on the internet, the use of email in the workplace, the transfers of personal data to non-EU countries and the billing of individual users for non‑work related phone calls.

Not all of our replies to consultations are made public; those that we believe are useful for other institutions and the persons affected are published on this website.

In addition, some of the measures we are consulted on are sensitive and must therefore be treated confidentially.


Filters

Pages

17/01/2018
17
Jan
2018

Transfers of personal data - ECDC

EDPS Decision pursuant to Article 9(7) of Regulation (EC) No 45/2001 concerning the transfers of personal data carried out by the European Centre for Disease Prevention and Control (ECDC) to the World Health Organization (WHO) (Case 2017-1120)

23/01/2017
23
Jan
2017

Ombudsman's policy on the third party data subject policy (consultation and exemption under Article 12(2) of Regulation 45/2001)

Letter of 23 January 2017 to Data Protection Officer of the European Ombudsman relating to the Ombudsman's third party data subject policy (Case 2016-0692)

03/06/2016
3
Jun
2016

Transfers of personal data in supervisory activities - ECB

EDPS Decision pursuant to Article 9(7) of Regulation (EC) No 45/2001 concerning the transfers of personal data carried out by the European Central Bank for its supervisory activities (Case 2016-0308)

10/03/2016
10
Mar
2016

Use of a US-based company for sending out alerts and newsletters - EEAS

Letter on the use of a US-based company for sending out alerts and newsletters at the European External Action Service (Case 2015-1122)

20/04/2015
20
Apr
2015

Conflicts of interest of members of expert groups in a personal capacity - EC

Letter regarding the consultation under Article 46(d) on managing conflicts of interest of members of expert groups in a personal capacity (Case 2015-0144)

13/02/2014
13
Feb
2014

Investigative Data Consultation Platform - OLAF

EDPS Decision concerning the transfers of personal data carried out by OLAF through the Investigative Data Consultation Platform pursuant to Article 9(7) of Regulation (EC) No 45/2001

Annex - Draft Administrative Cooperation Arrangement between the "European Anti-Fraud Office" (OLAF) and [The Partner]PDF icon
09/01/2014
9
Jan
2014

Data breach involving the mass disclosure of e-mail addresses

Letter regarding the consultation under Article 46(d) on the notification of a data breach involving the mass disclosure of e-mail addresses (Case 2013-1337)

20/09/2013
20
Sep
2013

Public access request to a list of gifts received by ECB members of staff

Answer concerning public access request to a list of gifts received by ECB members of staff (Case 2013-0550)

09/04/2013
9
Apr
2013

Transfer of staff data to Permanent Representations - Research Executive Agency

Answer to a consultation regarding transfer of staff data to Permanent Representations (Case 2013-0147)

23/10/2012
23
Oct
2012

Work life balance for women members of the European Parliament

Consultation concerning the processing covering the Work life balance for women members of the European Parliament (Case 2012-0770)

23/07/2012
23
Jul
2012

Données médicales de candidats d'embauche entre les institutions - EC

Réponse concernant le projet de conclusion des Chefs d'Administration relatif au transfert des données médicales de candidats d'embauche entre les institutions (Dossier 2012-0495)

16/07/2012
16
Jul
2012

Model Data Protection Clauses - OLAF

Answer to a consultation on OLAF revised Model Data Protection Contractual Clauses to be used in Administrative Cooperation Agreements (ACAs) concluded with third country authorities or international organisations (Case 2012-0086)

Answer of 3 April 2012 to a consultation on OLAF revised Model Data Protection Contractual Clauses to be used in Administrative Cooperation Agreements (ACAs) concluded with third country authorities or international organisations (Case 2012-0086)

Answer of 16 July 2012PDF icon
Answer of 3 April 2012PDF icon
01/03/2012
1
Mar
2012

Billing individual users of fixed phone calls made for non-work related purposes - EFSA

Answer to Data protection officer of the European Food Safety Authority concerning EFSA policy for billing individual users of fixed phone calls made for non-work related purposes

08/02/2012
8
Feb
2012

Publication on the Internet of the official directory of the agents of European institutions of bodies

Answer regarding the publication on the Internet of the official directory of the agents of European institutions of bodies

17/02/2011
17
Feb
2011

Publication of employees' pictures on the Intranet - Committee of the Regions

Answer to a consultation regarding publication of employees' pictures on the Intranet of the Committee of Regions (Case 2010-0721)

21/12/2010
21
Dec
2010

Transfer of personal data to American Express Corporate Travel SA (AMEX) - EFSA

Answer to a consultation regarding transfer of personal data of EFSA external experts by EFSA to American Express Corporate Travel SA (AMEX). (Case 2009-390)

04/10/2010
4
Oct
2010

International transfers: application of Article 9 of Regulation 45/200

Letter to Data Protection Officer of the European Aviation Safety Agency concerning international transfers

30/07/2010
30
Jul
2010

Confidentiality of informants' identity

Letter to the European Ombudsman regarding request for access to documents

26/03/2010
26
Mar
2010

IT administrator rights - EIB

Recommendations of the EDPS on a consultation regarding the management of IT administrator access to personal data stored in IT systems and applications

03/03/2010
3
Mar
2010

Recording activities - European Economic and Social Committee

Observations of the EDPS regarding the draft regulation on recording activities at the EESC

Pages