Privacy by Design
Data protection by design aims to build data protection and privacy into the design of processing operations and information systems, in order to comply with data protection principles. Organisations are required to take into account the protection of the rights of individuals, both before and during their processing activities, by implementing the appropriate technical and organisation measures to ensure that they fulfil their data protection obligations. To ensure that this key principle of the General Data Protection Regulation is applied in practice, the EDPS will issue guidance documents.
With this Opinion, issued pursuant to Article 42(1) of Regulation (EU) 2018/1725, the EDPS puts forward recommendations aiming at minimizing the impact of a Commission’s legislative proposal amending Directive 2011/16/EU on administrative cooperation in the field of taxation on the fundamental right to privacy and to the protection of personal data of individuals. These recommendations are intended to ensure compliance with the applicable data protection legal framework, while avoiding jeopardizing the efficacy and efficiency of the administrative action on the fight against tax evasion.
2019 could be described as a year of transition, across Europe and the world. With new legislation on data protection in the EU now in place, the greatest challenge moving into 2020 and beyond is to ensure that this legislation produces the promised results. Awareness of the issues surrounding data protection and privacy, and the importance of protecting these fundamental rights, is at an all-time high and this momentum cannot be allowed to decline.
This Annual Report provides an insight into all EDPS activities in 2019, which was the last year of a five-year EDPS mandate. EDPS activities therefore focused on consolidating the achievements of previous years, assessing the progress made and starting to define priorities for the future.
HTML version: EN
This report provides an overview of the activities carried out by the EDPS from 2015-2019. In particular, it focuses on how the EDPS has worked towards implementing the objectives set out in the EDPS Strategy 2015-2019, which relate to digitisation, global partnerships and the modernisation of data protection. This involved not only contributing historical pieces of legislation, such as the General Data Protection Regulation and Regulation 2018/1725, but also bringing the concepts of ethics and accountability to the forefront of data protection discourse and application.
Accountability on the ground: Guidance on documenting processing operations for EU institutions, bodies and agencies (EUIs). These documents provide provisional guidance for controllers and DPO in the EUIs on how to generate records for their processing operations, how to decide whether they need to carry out data protection impact assessments (DPIAs), how to do DPIAs and when to do prior consultations to the EDPS (Articles 31, 39 and 40 of Regulation (EU) 2018/1725).
A provisional version of this text was published in February 2018. The current version 1.3 was published in July 2019.