European Data Protection Supervisor
Der Europäische Datenschutzbeauftragte

Leitlinien

Leitlinien

Guidelines

Da einige Aufgaben, die allen EU-Einrichtungen, Organen, Agenturen und Ämtern gemeinsam sind (EU-Institutionen), ähnliche Implikationen für den Datenschutz haben, veröffentlichen wir Leitfäden zu spezifischen Themen, wie Einstellungen, Beurteilungen, Nutzung von IT-Ausrüstung am Arbeitsplatz und Disziplinarverfahren.

Damit vertiefen wir unsere Beratung in den im Rahmen einer Vorabkontrolle abgegebenen Stellungnahmen und in Konsultationen; die Leitfäden umfassen außerdem die entsprechenden Leitlinien der Artikel-29-Datenschutzgruppe und die Rechtsprechung der europäischen Gerichte.

Unsere Leitfäden helfen nicht nur den EU-Institutionen, die Datenschutzgesetze einzuhalten und ihre Rechenschaftspflicht zu erfüllen, sondern können auch eine nützliche Inspirationsquelle für andere Organisationen außerhalb der europäischen Einrichtungen sein oder die Beratung durch die nationalen Datenschutzbehörden ergänzen.

Filters

Pages

07/11/2019
7
Nov
2019

Concepts of controller, processor and joint controllership under Regulation (EU) 2018/1725

When processing personal data, EU institutions and bodies (EUIs) must comply with specific data protection rules. Depending on their role, their obligations differ. The following guidelines provide explanation and practical advice to EU institutions and bodies on how to comply with Regulation (EU) 2018/1725 (‘the Regulation’).

18/07/2019
18
Jul
2019

International data transfers after Brexit

Information note on international data transfers after Brexit.

17/07/2019
17
Jul
2019

Data Protection Impact Assessment List

Under Article 39(4) of Regulation (EU) 2018/1725, the EDPS shall adopt a list of the kinds of processing operations subject to a data protection impact assessment (DPIA). Under paragraph 5 of the same Article, the EDPS may adopt a list of the kinds of processing operations not subject to a DPIA. For further information on how to use this list, please see the Accountability on the ground toolkit.

16/07/2019
16
Jul
2019

Accountability on the ground: Guidance on documenting processing operations for EU institutions, bodies and agencies

Accountability on the ground: Guidance on documenting processing operations for EU institutions, bodies and agencies (EUIs). These documents provide provisional guidance for controllers and DPO in the EUIs on how to generate records for their processing operations, how to decide whether they need to carry out data protection impact assessments (DPIAs), how to do DPIAs and when to do prior consultations to the EDPS (Articles 31, 39 and 40 of Regulation (EU) 2018/1725).

A provisional version of this text was published in February 2018. The current version 1.3 was published in July 2019.

SummaryPDF icon
Part I: Records and threshold assessmentPDF icon
Part II: DPIAs and prior consultationPDF icon
25/02/2019
25
Feb
2019

EDPS Guidelines on assessing the proportionality of measures that limit the fundamental rights to privacy and to the protection of personal data

As the independent advisor to the EU institutions and bodies under Regulation (EU) 1725/2018 on all matters concerning processing of personal data, the European Data Protection Supervisor (hereinafter, ‘the EDPS’) intends to issue Guidelines for assessing the proportionality of measures that limit the fundamental rights to privacy and to the protection of personal data (hereinafter, ‘the Guidelines’).

The Guidelines complement the EDPS Necessity Toolkit  and specify, having regard to the fundamental right to the protection of personal data enshrined under Article 8 of the Charter, the more wide-ranging guidance by the Commission and the Council to check compatibility of legislative measures with the Charter of Fundamental Rights of the European Union.

Through this exercise, the EDPS aims at assisting EU institutions and bodies in the task of ensuring that any limitation of the fundamental right to the protection of personal data is compliant with the requirements of EU primary law.

Before issuing the Guidelines in their final version, the EDPS is launching a stakeholders’ consultation on the draft version of the Guidelines, which you can find hereunder.

The deadline for receiving your input is 4 April 2019. The replies to the consultation should be sent to the Policy and Consultation Unit of the EDPS: POLICY-CONSULT@edps.europa.eu

20/12/2018
20
Dec
2018

Guidance on Art. 25 of the Regulation 2018/1725

EDPS Guidance on Article 25 of the Regulation 2018/1725 and internal rules

07/12/2018
7
Dec
2018

Guidelines on Personal Data Breach Notification

EDPS guidelines on personal data breach notification for the European Union Institutions and Bodies.

23/03/2018
23
Mar
2018

IT governance and IT management

Guidelines on the protection of personal data in IT governance and IT management of EU institutions.

16/03/2018
16
Mar
2018

Guidelines on the use of cloud computing services by the European institutions and bodies

The EU institutions, bodies and agencies (“the EU institutions”) have been considering the use of cloud computing services because of advantages such as costs savings and flexibility gains. They are nevertheless faced with the specific risks that the cloud computing paradigm involves and remain fully responsible regarding their data protection obligations. For cloud services, the EU institutions should ensure an equivalent level of protection of personal data as for any other type of IT infrastructure model.

Topics:
15/01/2018
15
Jan
2018

Articles 14-16 of the new Regulation 45/2001: Transparency rights and obligations

EDPS Guidance on Articles 14 - 16 of the proposal for a Regulation on the protection of individuals with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC.

Topics:
18/11/2016
18
Nov
2016

Administrative Inquiries and Disciplinary Procedures

Guidelines on processing personal information in administrative inquiries and disciplinary proceedings

07/11/2016
7
Nov
2016

Mobile Applications

Guidelines on the protection of personal data processed by mobile applications provided by European Union institutions

Topics:
07/11/2016
7
Nov
2016

Web Services

Guidelines on the protection of personal data processed through web services provided by EU institutions

18/07/2016
18
Jul
2016

Verfahren zur Meldung von Missständen

Leitlinien zur Verarbeitung personenbezogener Informationen im Rahmen eines Verfahrens zur Meldung von Missständen

21/03/2016
21
Mar
2016

Security Measures for Personal Data Processing

Guidance on Security Measures for Personal Data Processing - Article 22 of Regulation 45/2001

17/12/2015
17
Dec
2015

Mobilen Geräten

Leitlinien zum Schutz personenbezogener Daten auf von den EU-Organen genutzten mobilen Geräten

16/12/2015
16
Dec
2015

Elektronische Kommunikation

Leitlinien zu personenbezogenen Daten und elektronischer Kommunikation in den EU-Einrichtungen

08/12/2014
8
Dec
2014

Interessenkonflikten

Leitlinien für die Verarbeitung personenbezogener Daten im Hinblick auf das Management von Interessenkonflikten in den EU-Organen und –Einrichtungen

25/02/2014
25
Feb
2014

Rechten natürlicher Personen

Leitlinien zu den Rechten natürlicher Personen in Bezug auf die Verarbeitung personenbezogener Daten

Pages