Inspections allow us to verify how data protection is applied in practice at an EU institution.
We choose to inspect an EU institution by taking into account a number of factors, including the results of our risk analysis, whether special categories of data are processed, the time elapsed since the last inspection and whether there has been an increase in the numbers of complaints.
We also ensure that we cover institutions, bodies and agencies of all sizes in our annual inspection planning.
Inspections or other on-site checks (for example, as part of our inquiries) may also be triggered by complaints, if they require verification on the spot.
Our supervisory work also requires us to regularly inspect several large-scale IT systems : at least every four years for the Visa Information System and the Schengen Information System and at least every three years for EURODAC.
The reports of our inspections are not made public, but we do periodically summarise these, for instance in our newsletter and annual report.
You may also want to check our Factsheet on the topic.