European Data Protection Supervisor
Le Contrôleur Européen de la Protection des Données

Lignes directrices

Lignes directrices

Guidelines

Étant donné que les implications en matière de protection des données de certaines fonctions communes à l’ensemble des institutions, organes et organismes de l’Union (les institutions de l’UE) sont similaires, nous publions des lignes directrices sur des sujets spécifiques tels que le recrutement, les évaluations, l’utilisation de matériel informatique sur le lieu de travail et les procédures disciplinaires.  

Ces lignes directrices viennent consolider les conseils fournis dans nos avis de contrôle préalable et nos consultations et contiennent également des orientations pertinentes formulées par le groupe de travail Article 29 et la jurisprudence des juridictions européennes.

Nos lignes directrices aident non seulement les institutions de l’UE à se conformer à la législation et à appliquer le principe de responsabilité, mais constituent également une source précieuse d’inspiration pour les autres organisations ou peuvent venir compléter les orientations fournies par les autorités nationales chargées de la protection des données.

Filters

Pages

17/07/2019
17
Jul
2019

Data Protection Impact Assessment List

Under Article 39(4) of Regulation (EU) 2018/1725, the EDPS shall adopt a list of the kinds of processing operations subject to a data protection impact assessment (DPIA). Under paragraph 5 of the same Article, the EDPS may adopt a list of the kinds of processing operations not subject to a DPIA. For further information on how to use this list, please see the Accountability on the ground toolkit.

16/07/2019
16
Jul
2019

Accountability on the ground: Guidance on documenting processing operations for EU institutions, bodies and agencies

Accountability on the ground: Guidance on documenting processing operations for EU institutions, bodies and agencies (EUIs). These documents provide provisional guidance for controllers and DPO in the EUIs on how to generate records for their processing operations, how to decide whether they need to carry out data protection impact assessments (DPIAs), how to do DPIAs and when to do prior consultations to the EDPS (Articles 31, 39 and 40 of Regulation (EU) 2018/1725).

A provisional version of this text was published in February 2018. The current version 1.3 was published in July 2019.

SummaryPDF icon
Part I: Records and threshold assessmentPDF icon
Part II: DPIAs and prior consultationPDF icon
25/02/2019
25
Feb
2019

EDPS Guidelines on assessing the proportionality of measures that limit the fundamental rights to privacy and to the protection of personal data

As the independent advisor to the EU institutions and bodies under Regulation (EU) 1725/2018 on all matters concerning processing of personal data, the European Data Protection Supervisor (hereinafter, ‘the EDPS’) intends to issue Guidelines for assessing the proportionality of measures that limit the fundamental rights to privacy and to the protection of personal data (hereinafter, ‘the Guidelines’).

The Guidelines complement the EDPS Necessity Toolkit  and specify, having regard to the fundamental right to the protection of personal data enshrined under Article 8 of the Charter, the more wide-ranging guidance by the Commission and the Council to check compatibility of legislative measures with the Charter of Fundamental Rights of the European Union.

Through this exercise, the EDPS aims at assisting EU institutions and bodies in the task of ensuring that any limitation of the fundamental right to the protection of personal data is compliant with the requirements of EU primary law.

Before issuing the Guidelines in their final version, the EDPS is launching a stakeholders’ consultation on the draft version of the Guidelines, which you can find hereunder.

The deadline for receiving your input is 4 April 2019. The replies to the consultation should be sent to the Policy and Consultation Unit of the EDPS: POLICY-CONSULT@edps.europa.eu

20/12/2018
20
Dec
2018

Guidance on Art. 25 of the Regulation 2018/1725

EDPS Guidance on Article 25 of the Regulation 2018/1725 and internal rules

07/12/2018
7
Dec
2018

Guidelines on Personal Data Breach Notification

EDPS guidelines on personal data breach notification for the European Union Institutions and Bodies.

23/03/2018
23
Mar
2018

IT governance and IT management

Guidelines on the protection of personal data in IT governance and IT management of EU institutions.

16/03/2018
16
Mar
2018

Guidelines on the use of cloud computing services by the European institutions and bodies

The EU institutions, bodies and agencies (“the EU institutions”) have been considering the use of cloud computing services because of advantages such as costs savings and flexibility gains. They are nevertheless faced with the specific risks that the cloud computing paradigm involves and remain fully responsible regarding their data protection obligations. For cloud services, the EU institutions should ensure an equivalent level of protection of personal data as for any other type of IT infrastructure model.

Topics:
15/01/2018
15
Jan
2018

Articles 14-16 of the new Regulation 45/2001: Transparency rights and obligations

EDPS Guidance on Articles 14 - 16 of the proposal for a Regulation on the protection of individuals with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC.

Topics:
18/11/2016
18
Nov
2016

Administrative Inquiries and Disciplinary Procedures

Guidelines on processing personal information in administrative inquiries and disciplinary proceedings

07/11/2016
7
Nov
2016

Mobile Applications

Guidelines on the protection of personal data processed by mobile applications provided by European Union institutions

Topics:
07/11/2016
7
Nov
2016

Web Services

Guidelines on the protection of personal data processed through web services provided by EU institutions

18/07/2016
18
Jul
2016

Procédure d’alerte éthique

Lignes directrices relatives au traitement d’informations à caractère personnel dans le cadre d’une procédure d’alerte éthique

21/03/2016
21
Mar
2016

Security Measures for Personal Data Processing

Guidance on Security Measures for Personal Data Processing - Article 22 of Regulation 45/2001

17/12/2015
17
Dec
2015

Dispositifs Mobiles

Lignes directrices sur la protection des données à caractère personnel dans les dispositifs mobiles utilisés par les institutions européennes

16/12/2015
16
Dec
2015

Communications électroniques

Lignes directrices sur les données à caractère personnel et les communications électroniques au sein des institutions de l’Union

08/12/2014
8
Dec
2014

Conflits d'intérêts

Lignes directrices sur le traitement des données personnelles à l'égard de la gestion des conflits d'intérêts dans les institutions et organes de l'UE

25/02/2014
25
Feb
2014

Droits des individus

Lignes directrices sur les droits des individus concernant le traitement des données à caractère personnel

02/12/2013
2
Dec
2013
23/06/2013
23
Jun
2013

Public Procurement, Grants and External Experts

Guidelines on processing of personal data in the context of Public Procurement, Grants as well as Selection and Use of External Experts

Annex IPDF icon
Annex IIPDF icon

Pages