European Data Protection Supervisor
European Data Protection Supervisor

Guidelines

Guidelines

Guidelines

Since the data protection implications of some functions common to all EU institutions, bodies and agencies are similar, we publish guidelines on specific subjects, such as recruitment, appraisals, use of IT equipment in the workplace and disciplinary procedures.  

These consolidate our guidance from our prior check Opinions, consultations and also include relevant guidance by the Article 29 Working Party and the case law of the European courts.

Our guidelines may be a useful source of inspiration for other organisations outside the EU institutions or may supplement the guidance offered by national data protection authorities.

Filters

Pages

07/12/2018
7
Dec
2018

Guidelines on Personal Data Breach Notification

EDPS guidelines on personal data breach notification for the European Union Institutions and Bodies.

23/03/2018
23
Mar
2018

IT governance and IT management

Guidelines on the protection of personal data in IT governance and IT management of EU institutions.

16/03/2018
16
Mar
2018

Guidelines on the use of cloud computing services by the European institutions and bodies

The EU institutions, bodies and agencies (“the EU institutions”) have been considering the use of cloud computing services because of advantages such as costs savings and flexibility gains. They are nevertheless faced with the specific risks that the cloud computing paradigm involves and remain fully responsible regarding their data protection obligations. For cloud services, the EU institutions should ensure an equivalent level of protection of personal data as for any other type of IT infrastructure model.

Topics:
06/02/2018
6
Feb
2018

Accountability on the ground: Guidance on documenting processing operations for EU institutions, bodies and agencies

Accountability on the ground: Guidance on documenting processing operations for EU institutions, bodies and agencies (EUIs). These documents provide provisional guidance for controllers and DPO in the EUIs on how to generate records for their processing operations, how to decide whether they need to carry out data protection impact assessments (DPIAs), how to do DPIAs and when to do prior consultations to the EDPS (Articles 31, 39 and 40 of Regulation (EU) 2018/1725).

A provisional version of this text was published in February 2018.

SummaryPDF icon
Part IPDF icon
Part IIPDF icon
15/01/2018
15
Jan
2018

Articles 14-16 of the new Regulation 45/2001: Transparency rights and obligations

EDPS Guidance on Articles 14 - 16 of the proposal for a Regulation on the protection of individuals with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC.

Topics:
18/11/2016
18
Nov
2016

Administrative Inquiries and Disciplinary Procedures

Guidelines on processing personal information in administrative inquiries and disciplinary proceedings

07/11/2016
7
Nov
2016

Mobile Applications

Guidelines on the protection of personal data processed by mobile applications provided by European Union institutions

Topics:
07/11/2016
7
Nov
2016

Web Services

Guidelines on the protection of personal data processed through web services provided by EU institutions

18/07/2016
18
Jul
2016

Whistleblowing Procedure

Guidelines on processing personal information within a whistleblowing procedure

21/03/2016
21
Mar
2016

Security Measures for Personal Data Processing

Guidance on Security Measures for Personal Data Processing - Article 22 of Regulation 45/2001

17/12/2015
17
Dec
2015

Mobile Devices

Guidelines on the protection of personal data in mobile devices used by European institutions (Mobile devices guidelines)

16/12/2015
16
Dec
2015

Electronic Communications

Guidelines on personal data and electronic communications in the EU institutions (eCommunications guidelines)

08/12/2014
8
Dec
2014

Conflicts of Interest

Guidelines on the processing of personal data with regard to the management of conflicts of interest in EU institutions and bodies

25/02/2014
25
Feb
2014

Rights of Individuals

Guidelines on the Rights of Individuals with regard to the Processing of Personal Data

02/12/2013
2
Dec
2013

Video-Surveillance - Follow-up

Follow-up Report to the 2010 EDPS Video-Surveillance Guidelines

23/06/2013
23
Jun
2013

Public Procurement, Grants and External Experts

Guidelines on processing of personal data in the context of Public Procurement, Grants as well as Selection and Use of External Experts

Annex IPDF icon
Annex IIPDF icon
20/12/2012
20
Dec
2012

Leave and Flexitime

Guidelines concerning the processing of personal data in the area of leave and flexitime

AnnexPDF icon
15/07/2011
15
Jul
2011

Staff Evaluation

Guidelines on evaluation of statutory staff in the context of annual appraisal, probation, promotion or regarding certification and attestation (2011-042)

Annex IPDF icon
Annex IIPDF icon
18/02/2011
18
Feb
2011

Anti-harassment procedures in European institutions and bodies

Guidelines concerning the processing of personal data during the selection of confidential counsellors and the informal procedures for cases of harassment in European institutions and bodies

Pages