European Data Protection Supervisor
European Data Protection Supervisor

Accountability

Accountability

Accountability is a common principle for organisations across many disciplines; the principle embodies that organisations live up to expectations for instance in the delivery of their products and their behaviour towards those they interact with. The General Data Protection Regulation (GDPR) integrates accountability as a principle which requires that organisations put in place appropriate technical and organisational measures and be able to demonstrate what they did and its effectiveness when requested.

Organisations, and not Data Protection Authorities, must demonstrate that they are compliant with the law.  Such measures include: adequate documentation on what personal data are processed, how, to what purpose, how long;  documented processes and procedures aiming at tackling data protection issues at an early state when building information systems or responding to a data breach; the presence of a Data Protection Officer that be integrated in the organisation planning and operations etc.

In 2015, in anticipation of the GDPR, the EDPS initiated a project to develop a framework for greater accountability in data processing to be applied to our own organisation, as an institution, a manager of financial resources and people - and a controller.

In addition, we have started to promote the accountability principle through visits to small, medium and large EU bodies to explain the new obligations resulting from the revised legal framework and the implications for EU institutions and the EDPS' work as their supervisory authority.

Filters

Pages

23/05/2018
23
May
2018

EDPS welcomes agreement on new data protection rules for the EU institutions and bodies

Just two days from now, the General Data Protection Regulation (GDPR) will become fully applicable to all companies and organisations operating within the EU.

20/03/2018
20
Mar
2018

Data Protection and Privacy in 2018: Going beyond the GDPR

2018 will be a landmark year for data protection. As co-host of the 2018 International Conference of Data Protection and Privacy Commissioners (ICDPPC) and a key player in the reform and implementation of the new EU data protection framework, the EDPS will remain at the forefront of the global dialogue on data protection and privacy in the digital age, the European Data Protection Supervisor (EDPS) said today, as he presented his 2017 Annual Report to the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE).

06/02/2018
6
Feb
2018

Accountability on the ground: Provisional guidance on documenting processing operations for EU institutions, bodies and agencies

Accountability on the ground: Provisional guidance on documenting processing operations for EU institutions, bodies and agencies (EUIs). These documents provide provisional guidance for controllers and DPO in the EUIs on how to generate records for their processing operations, how to decide whether they need to carry out data protection impact assessments (DPIAs), how to do DPIAs and when to do prior consultations to the EDPS. As the text of the 'new Regulation 45' on data protection in the EU institutions  is not formally adopted yet, this guidance is provisional and will be updated once a final text will be published in the Official Journal.  Nonetheless, it can already be helpful for the EUIs to prepare for their new obligations (Articles 31, 39 and 40 of the 'new Regulation 45').


This text was updated in July 2018 to adapt it to the politically agreed text for the 'new Regulation 45' (Council Document 9296/18), add a few clarifications, as well as to correct a number of errors.

SummaryPDF icon
Part IPDF icon
Part IIPDF icon
30/11/2017
30
Nov
2017

8th Annual Data Protection and Privacy Conference

8th Annual Data Protection and Privacy Conference, Speech by Giovanni Buttarelli,  Brussels, Belgium

Wednesday, 8 November, 2017
8
Nov
2017

Newsletter (N°
54
)

In the October 2017 edition of the EDPS Newsletter we cover the theme for the 2018 International Conference of Data Protection and Privacy Commissioners, our priorities for the next 12 months, and our ongoing training in preparation for the new Regulation.
15/05/2017
15
May
2017

Put data protection accountability into practice

Hitting the ground running: How regulators and businesses can really put data protection accountability into practice, keynote speech by Giovanni Buttarelli at European Data Protection Days (EDPD) Conference, Berlin

12/05/2017
12
May
2017

Newsletter Nr. 51

The May 2017 edition of the EDPS Newsletter covers recently adopted Opinions on data protection and the EU institutions, digital content and the European Travel Information and Authorisation System (ETIAS), as well as many other EDPS activities.

04/05/2017
4
May
2017

2016 Annual Report - The state of privacy 2017: EDPS provides mid-mandate report

The new EU data protection framework consists of much more than just the GDPR. New rules for the EU institutions and ePrivacy are yet to be finalised, and remain a key focal point for EDPS work. As well as providing advice to the legislator on these new rules, the EDPS has started working with the EU institutions and bodies to prepare them for the changes to come. A particular focus of his efforts in 2016 was on promoting accountability, a central pillar of the GDPR which it is safe to assume will also be integrated into the new rules for EU institutions and bodies.

In 2016, the EDPS also made a considerable effort to help move the global debate on data protection and privacy forward and mainstream data protection into international policies. He advised the EU legislator on the Umbrella agreement and the Privacy Shield and engaged with data protection and privacy commissioners from every continent. He also continued to pursue new initiatives, such as the Ethics Advisory Group, through which he intends to stimulate global debate on the ethical dimension of data protection in the digital era.

The EDPS aims to make data protection as simple and effective as possible for all involved. This requires ensuring that EU policy both reflects the realities of data protection in the digital era and encourages compliance through accountability.

Full text of the Annual Report:PDF icon
E-book (e-pub):File
04/05/2017
4
May
2017

The state of privacy 2017: EDPS provides mid-mandate report

As we approach the mid-point of the current EDPS mandate and continue the countdown to the General Data Protection Regulation (GDPR), the EU must build on current momentum to reinforce its position as the leading force in the global dialogue on data protection and privacy in the digital age, the European Data Protection Supervisor (EDPS) said today to the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE), as he presented his 2016 Annual Report.

04/11/2016
4
Nov
2016

"Les données personnelles: entre protection et exploitation"

Speech by Giovanni Buttarelli at the Autumn School 2016 on the EU, University of Laval, Québec, Canada

19/10/2016
19
Oct
2016

Adequacy, Localisation and Cultural Determinism

Keynote speech by Giovanni Buttarelli at 38th International Privacy Conference, Marrakech, Morocco

30/09/2016
30
Sep
2016

The accountability principle in the new GDPR

Speech by Giovanni Buttarelli given at the European Court of Justice, Luxembourg

01/07/2016
1
Jul
2016

Newsletter Nr. 48

The July 2016 edition of the EDPS Newsletter covers the EDPS Opinion on Privacy Shield, the 2015 Annual Report, the EDPS Accountability Initiative and many other EDPS activities.

17/06/2016
17
Jun
2016

Convention 108: from a European reality to a global treaty

Speech by Giovanni Buttarelli at the Council of Europe International Conference, Strasbourg, France

01/02/2016
1
Feb
2016

The use of thermal imaging cameras and the auto-track functionality of pan-tilt cameras - ECB

Prior-checking Opinion regarding the use of thermal imaging cameras and the auto-track functionality of pan-tilt cameras at the European Central Bank (case 2015-0938)

This case marks the first prior-checking Opinion involving the assessment of a data protection impact assessment (DPIA).

The Opinion regards the use of thermal imaging cameras and the auto-track functionality of pan-tilt cameras at the European Central Bank (ECB). Under the EDPS Video-surveillance Guidelines such "high-tech video-surveillance tools" are subject to prior checking and permissible only subject to a DPIA. The DPIA conducted by the ECB allowed the EDPS to assess the permissibility of the technique used by the ECB.

The EDPS concluded that, because of the comprehensiveness of the information provided in the notification, of the outcome of the assessment and of the circumstances driving the ECB to apply these measures, operations may start before certain additionally recommended data protection safeguards have been implemented.

19/11/2015
19
Nov
2015

Meeting the challenges of big data

Meeting the challenges of big data, A call for transparency, user control, data protection by design and accountability

09/10/2015
9
Oct
2015

EDPS recommendations on the EU’s options for data protection reform

Europe’s big opportunity, EDPS recommendations on the EU’s options for data protection reform

05/08/2015
5
Aug
2015

Newsletter Nr. 45

The August 2015 edition of the EDPS Newsletter covers EDPS recommendations on the reform of EU data protection legislation, the publication of the 2014 EDPS Annual Report, the EDPS Opinion on Mobile Health and many other EDPS activities.

Pages