European Data Protection Supervisor
Le Contrôleur Européen de la Protection des Données

Responsabilité du responsable du traitement

Responsabilité du responsable du traitement

Le principe de responsabilité est un principe commun pour les organisations dans de nombreuses disciplines ; le principe comprend le fait que les organisations répondent aux attentes, par exemple dans la fourniture de leurs produits et leur comportement à l’égard de ceux avec lesquels elles interagissent. Le règlement général sur la protection des données (RGPD) intègre la responsabilité du responsable du traitement en tant que principe exigeant des organisations qu’elles mettent en place des mesures techniques et organisationnelles appropriées et qu’elles soient en mesure de démontrer ce qu’elles ont fait et son efficacité sur demande.

Les organisations, et non les autorités chargées de la protection des données, doivent démontrer qu’elles se conforment à la loi. Ces mesures incluent: des documents adéquats concernant ce sur quoi porte le traitement des données à caractère personnel ainsi que la façon dont le traitement est effectué, sa finalité et sa durée; des processus et procédures documentés visant à aborder les questions en matière de protection des données à un stade précoce lors de la création des systèmes d’information ou de la réponse à une violation des données; la présence d’un délégué à la protection des données à intégrer dans la planification et les activités de l’organisation, etc.

En 2015, en prévision du RGPD, le CEPD a entrepris un projet visant à développer un cadre pour une plus grande responsabilité dans le traitement des données à appliquer à votre propre organisation, en tant qu’institution, gestionnaire des ressources financières et du personnel et en tant que responsable du traitement.

En outre, nous avons commencé à promouvoir le principe de responsabilité au moyen de visites dans les petits, moyens et grands organes de l’UE afin d’expliquer les nouvelles obligations résultant du cadre juridique révisé ainsi que les implications pour les institutions de l’UE et les travaux du CEPD en tant qu’autorité de contrôle pour ces dernières..

Filters

Pages

03/12/2019
3
Dec
2019

Leading by Example: EDPS 2015-2019

Le présent rapport fournit une vue d'ensemble des activités menées par le CEPD de 2015 à 2019. En particulier, il met l'accent sur la manière dont le CEPD a travaillé à la mise en œuvre des objectifs définis dans sa stratégie 2015-2019, qui concernent la numérisation, les partenariats mondiaux et la modernisation de la protection des données. Cela impliquait non seulement de contribuer à des textes législatifs historiques, tels que le règlement général sur la protection des données (RGPD) et le règlement 2018/1725, mais également de porter les concepts d'éthique et de responsabilisation au premier plan du discours et de l'application de la protection des données.

HTML:    EN

HTML (Résumé):    DE    EN    FR

Full text of Leading by Example: EDPS 2015-2019:PDF icon
Résumé (PDF):PDF icon
17/07/2019
17
Jul
2019

Data Protection Impact Assessment List

Under Article 39(4) of Regulation (EU) 2018/1725, the EDPS shall adopt a list of the kinds of processing operations subject to a data protection impact assessment (DPIA). Under paragraph 5 of the same Article, the EDPS may adopt a list of the kinds of processing operations not subject to a DPIA. For further information on how to use this list, please see the Accountability on the ground toolkit.

16/07/2019
16
Jul
2019

Accountability on the ground: Guidance on documenting processing operations for EU institutions, bodies and agencies

Accountability on the ground: Guidance on documenting processing operations for EU institutions, bodies and agencies (EUIs). These documents provide provisional guidance for controllers and DPO in the EUIs on how to generate records for their processing operations, how to decide whether they need to carry out data protection impact assessments (DPIAs), how to do DPIAs and when to do prior consultations to the EDPS (Articles 31, 39 and 40 of Regulation (EU) 2018/1725).

A provisional version of this text was published in February 2018. The current version 1.3 was published in July 2019.

SummaryPDF icon
Part I: Records and threshold assessmentPDF icon
Part II: DPIAs and prior consultationPDF icon
26/02/2019
26
Feb
2019

EDPS launches first Annual Report of new data protection era

2018 was a busy year for the EDPS and a pivotal year for data protection in general. Under new data protection rules, the rights of every individual living in the EU are now better protected than ever, the European Data Protection Supervisor (EDPS) said today, as he presented his 2018 Annual Report to the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE).

23/05/2018
23
May
2018

EDPS welcomes agreement on new data protection rules for the EU institutions and bodies

Just two days from now, the General Data Protection Regulation (GDPR) will become fully applicable to all companies and organisations operating within the EU.

20/03/2018
20
Mar
2018

Data Protection and Privacy in 2018: Going beyond the GDPR

2018 will be a landmark year for data protection. As co-host of the 2018 International Conference of Data Protection and Privacy Commissioners (ICDPPC) and a key player in the reform and implementation of the new EU data protection framework, the EDPS will remain at the forefront of the global dialogue on data protection and privacy in the digital age, the European Data Protection Supervisor (EDPS) said today, as he presented his 2017 Annual Report to the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE).

30/11/2017
30
Nov
2017

8th Annual Data Protection and Privacy Conference

8th Annual Data Protection and Privacy Conference, Speech by Giovanni Buttarelli,  Brussels, Belgium

Wednesday, 8 November, 2017
8
Nov
2017

Newsletter (N°
54
)

In the October 2017 edition of the EDPS Newsletter we cover the theme for the 2018 International Conference of Data Protection and Privacy Commissioners, our priorities for the next 12 months, and our ongoing training in preparation for the new Regulation.
15/05/2017
15
May
2017

Put data protection accountability into practice

Hitting the ground running: How regulators and businesses can really put data protection accountability into practice, keynote speech by Giovanni Buttarelli at European Data Protection Days (EDPD) Conference, Berlin

12/05/2017
12
May
2017

Newsletter Nr. 51

The May 2017 edition of the EDPS Newsletter covers recently adopted Opinions on data protection and the EU institutions, digital content and the European Travel Information and Authorisation System (ETIAS), as well as many other EDPS activities.

04/05/2017
4
May
2017

2016 Annual Report - The state of privacy 2017: EDPS provides mid-mandate report

The new EU data protection framework consists of much more than just the GDPR. New rules for the EU institutions and ePrivacy are yet to be finalised, and remain a key focal point for EDPS work. As well as providing advice to the legislator on these new rules, the EDPS has started working with the EU institutions and bodies to prepare them for the changes to come. A particular focus of his efforts in 2016 was on promoting accountability, a central pillar of the GDPR which it is safe to assume will also be integrated into the new rules for EU institutions and bodies.

In 2016, the EDPS also made a considerable effort to help move the global debate on data protection and privacy forward and mainstream data protection into international policies. He advised the EU legislator on the Umbrella agreement and the Privacy Shield and engaged with data protection and privacy commissioners from every continent. He also continued to pursue new initiatives, such as the Ethics Advisory Group, through which he intends to stimulate global debate on the ethical dimension of data protection in the digital era.

The EDPS aims to make data protection as simple and effective as possible for all involved. This requires ensuring that EU policy both reflects the realities of data protection in the digital era and encourages compliance through accountability.

Full text of the Annual Report:PDF icon
E-book (e-pub):File
04/05/2017
4
May
2017

The state of privacy 2017: EDPS provides mid-mandate report

As we approach the mid-point of the current EDPS mandate and continue the countdown to the General Data Protection Regulation (GDPR), the EU must build on current momentum to reinforce its position as the leading force in the global dialogue on data protection and privacy in the digital age, the European Data Protection Supervisor (EDPS) said today to the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE), as he presented his 2016 Annual Report.

04/11/2016
4
Nov
2016

"Les données personnelles: entre protection et exploitation"

Speech by Giovanni Buttarelli at the Autumn School 2016 on the EU, University of Laval, Québec, Canada

19/10/2016
19
Oct
2016

Adequacy, Localisation and Cultural Determinism

Keynote speech by Giovanni Buttarelli at 38th International Privacy Conference, Marrakech, Morocco

30/09/2016
30
Sep
2016

The accountability principle in the new GDPR

Speech by Giovanni Buttarelli given at the European Court of Justice, Luxembourg

01/07/2016
1
Jul
2016

Newsletter Nr. 48

The July 2016 edition of the EDPS Newsletter covers the EDPS Opinion on Privacy Shield, the 2015 Annual Report, the EDPS Accountability Initiative and many other EDPS activities.

17/06/2016
17
Jun
2016

Convention 108: from a European reality to a global treaty

Speech by Giovanni Buttarelli at the Council of Europe International Conference, Strasbourg, France

01/02/2016
1
Feb
2016

Utilisation de caméras d’imagerie thermique et la fonctionnalité de suivi automatique des caméras - BCE

Prior-checking Opinion regarding the use of thermal imaging cameras and the auto-track functionality of pan-tilt cameras at the European Central Bank (case 2015-0938)

19/11/2015
19
Nov
2015

Relever les défis des données massives

Relever les défis des données massives, un appel à la transparence, au contrôle par l'utilisateur, à la protection des données dès la conception et à la reddition de comptes

Pages