European Data Protection Supervisor
European Data Protection Supervisor

Accountability

Accountability

Accountability is a common principle for organisations across many disciplines; the principle embodies that organisations live up to expectations for instance in the delivery of their products and their behaviour towards those they interact with. The General Data Protection Regulation (GDPR) integrates accountability as a principle which requires that organisations put in place appropriate technical and organisational measures and be able to demonstrate what they did and its effectiveness when requested.

Organisations, and not Data Protection Authorities, must demonstrate that they are compliant with the law.  Such measures include: adequate documentation on what personal data are processed, how, to what purpose, how long;  documented processes and procedures aiming at tackling data protection issues at an early state when building information systems or responding to a data breach; the presence of a Data Protection Officer that be integrated in the organisation planning and operations etc.

In 2015, in anticipation of the GDPR, the EDPS initiated a project to develop a framework for greater accountability in data processing to be applied to our own organisation, as an institution, a manager of financial resources and people - and a controller.

In addition, we have started to promote the accountability principle through visits to small, medium and large EU bodies to explain the new obligations resulting from the revised legal framework and the implications for EU institutions and the EDPS' work as their supervisory authority.

Filters

Pages

15/05/2017
15
May
2017

Put data protection accountability into practice

Hitting the ground running: How regulators and businesses can really put data protection accountability into practice, keynote speech by Giovanni Buttarelli at European Data Protection Days (EDPD) Conference, Berlin

12/05/2017
12
May
2017

Newsletter Nr. 51

The May 2017 edition of the EDPS Newsletter covers recently adopted Opinions on data protection and the EU institutions, digital content and the European Travel Information and Authorisation System (ETIAS), as well as many other EDPS activities.

04/05/2017
4
May
2017

2016 Annual Report - The state of privacy 2017: EDPS provides mid-mandate report

The new EU data protection framework consists of much more than just the GDPR. New rules for the EU institutions and ePrivacy are yet to be finalised, and remain a key focal point for EDPS work. As well as providing advice to the legislator on these new rules, the EDPS has started working with the EU institutions and bodies to prepare them for the changes to come. A particular focus of his efforts in 2016 was on promoting accountability, a central pillar of the GDPR which it is safe to assume will also be integrated into the new rules for EU institutions and bodies.

In 2016, the EDPS also made a considerable effort to help move the global debate on data protection and privacy forward and mainstream data protection into international policies. He advised the EU legislator on the Umbrella agreement and the Privacy Shield and engaged with data protection and privacy commissioners from every continent. He also continued to pursue new initiatives, such as the Ethics Advisory Group, through which he intends to stimulate global debate on the ethical dimension of data protection in the digital era.

The EDPS aims to make data protection as simple and effective as possible for all involved. This requires ensuring that EU policy both reflects the realities of data protection in the digital era and encourages compliance through accountability.

Full text of the Annual Report:PDF icon
E-book (e-pub):File
04/05/2017
4
May
2017

The state of privacy 2017: EDPS provides mid-mandate report

As we approach the mid-point of the current EDPS mandate and continue the countdown to the General Data Protection Regulation (GDPR), the EU must build on current momentum to reinforce its position as the leading force in the global dialogue on data protection and privacy in the digital age, the European Data Protection Supervisor (EDPS) said today to the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE), as he presented his 2016 Annual Report.

04/11/2016
4
Nov
2016

"Les données personnelles: entre protection et exploitation"

Speech by Giovanni Buttarelli at the Autumn School 2016 on the EU, University of Laval, Québec, Canada

19/10/2016
19
Oct
2016

Adequacy, Localisation and Cultural Determinism

Keynote speech by Giovanni Buttarelli at 38th International Privacy Conference, Marrakech, Morocco

30/09/2016
30
Sep
2016

The accountability principle in the new GDPR

Speech by Giovanni Buttarelli given at the European Court of Justice, Luxembourg

01/07/2016
1
Jul
2016

Newsletter Nr. 48

The July 2016 edition of the EDPS Newsletter covers the EDPS Opinion on Privacy Shield, the 2015 Annual Report, the EDPS Accountability Initiative and many other EDPS activities.

17/06/2016
17
Jun
2016

Convention 108: from a European reality to a global treaty

Speech by Giovanni Buttarelli at the Council of Europe International Conference, Strasbourg, France

01/02/2016
1
Feb
2016

The use of thermal imaging cameras and the auto-track functionality of pan-tilt cameras - ECB

Prior-checking Opinion regarding the use of thermal imaging cameras and the auto-track functionality of pan-tilt cameras at the European Central Bank (case 2015-0938)

This case marks the first prior-checking Opinion involving the assessment of a data protection impact assessment (DPIA).

The Opinion regards the use of thermal imaging cameras and the auto-track functionality of pan-tilt cameras at the European Central Bank (ECB). Under the EDPS Video-surveillance Guidelines such "high-tech video-surveillance tools" are subject to prior checking and permissible only subject to a DPIA. The DPIA conducted by the ECB allowed the EDPS to assess the permissibility of the technique used by the ECB.

The EDPS concluded that, because of the comprehensiveness of the information provided in the notification, of the outcome of the assessment and of the circumstances driving the ECB to apply these measures, operations may start before certain additionally recommended data protection safeguards have been implemented.

19/11/2015
19
Nov
2015

Meeting the challenges of big data

Meeting the challenges of big data, A call for transparency, user control, data protection by design and accountability

09/10/2015
9
Oct
2015

EDPS recommendations on the EU’s options for data protection reform

Europe’s big opportunity, EDPS recommendations on the EU’s options for data protection reform

05/08/2015
5
Aug
2015

Newsletter Nr. 45

The August 2015 edition of the EDPS Newsletter covers EDPS recommendations on the reform of EU data protection legislation, the publication of the 2014 EDPS Annual Report, the EDPS Opinion on Mobile Health and many other EDPS activities.

30/07/2015
30
Jul
2015

Strategy 2015-2019

This report sets out the Strategy adopted by the EDPS for the period 2015-2019. As data protection affects almost every EU policy area and is a key factor in legitimising and increasing trust in EU policies, the new EDPS Strategy aims to provide a framework through which to promote a culture of data protection in the European institutions. It also promotes the idea of toolkits for policymakers to help them develop innovative solutions to data protection challenges.

Video

/file/02march2015png_en02_march_2015.png

Giovanni Buttarelli, EDPS and Frans Timmermans, First Vice-President, 2 March 2015
Giovanni Buttarelli, EDPS and Frans Timmermans, First Vice-President, 2 March 2015
Strategy 2015-2019 - Leading by ExamplePDF icon
Speech by Giovanni ButtarelliPDF icon
Press releasePDF icon
27/07/2015
27
Jul
2015

EDPS recommendations on the EU’s options for data protection reform

Europe’s big opportunity, EDPS recommendations on the EU’s options for data protection reform

Annex: Comparative table of GDPR texts with EDPS recommendationsPDF icon
02/03/2015
2
Mar
2015

Leading by Example: EDPS Strategy 2015-2019

This evening, the new European Data Protection Supervisor (EDPS) unveiled his Strategy for 2015-2019 to senior representatives of the EU institutions. Following his appointment three months ago, Giovanni Buttarelli summarised the objectives for his five-year mandate and the actions his Office will take to turn his vision into reality.

25/11/2014
25
Nov
2014

Rebuilding trust in financial services markets: 10 steps for responsible handling of personal information

Data protection can support the European economy, said the European Data Protection Supervisor (EDPS) today, following the publication of his Guidelines on data protection in EU financial services regulation.

24/07/2014
24
Jul
2014

Management of incident or technical fault reports - EP

Letter on the notification for prior-checking concerning "Management of incident or technical fault reports" within the European Parliament (Case 2014-0643)

Pages