The EU institutions, bodies and agencies (“the EU institutions”) have been considering the use of cloud computing services because of advantages such as costs savings and flexibility gains. They are nevertheless faced with the specific risks that the cloud computing paradigm involves and remain fully responsible regarding their data protection obligations. For cloud services, the EU institutions should ensure an equivalent level of protection of personal data as for any other type of IT infrastructure model.
Since the data protection implications of some functions common to all EU institutions, bodies and agencies are similar, we publish guidelines on specific subjects, such as recruitment, appraisals, use of IT equipment in the workplace and disciplinary procedures.
These consolidate our guidance from our prior check Opinions, consultations and also include relevant guidance by the Article 29 Working Party and the case law of the European courts.
Our guidelines may be a useful source of inspiration for other organisations outside the EU institutions or may supplement the guidance offered by national data protection authorities.
EDPS Guidance on Articles 14 - 16 of the proposal for a Regulation on the protection of individuals with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC.
Guidelines on processing personal information in administrative inquiries and disciplinary proceedings