Audits are one of the tools used by the EDPS to ensure that EUIs comply with data protection rules. When do we conduct audits? Why and which EUIs are audited? What are the three stages of an EDPS audit? This factsheet will help you to learn more on what to expect when we inspect.
Privacy in the EU Institutions
Regulation (EC) No 45/2001 - which will be adapted in 2018, in order to be brought in line with the General Data Protection Regulation - lays down the data protection obligations for the EU institutions and bodies when they process personal data and develop new policies. The Regulation also sets out the duties of the EDPS including its role as an independent supervisory authority of the EU institutions and bodies when they process personal data and for advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection.
Here you will find EDPS documents about privacy and data protection concerning the processing of personal data by the EU institutions and bodies, such as staff evaluation, accreditation of external visitors, access control.
Formal comments of the EDPS on the draft Commission Implementing Decisions specifying the technical procedure for the European search portal to query the EU information systems, Europol data and Interpol databases and the format of the European search portal's replies, pursuant to Article 9(7) of Regulation (EU) 2019/817 of the European Parliament and of the Council
EDPS Formal comments on the draft Commission Delegated Regulations supplementing Regulation (EU) 2019/817 and Regulation (EU) 2019/818 of the European Parliament and Council with regard to cases where identity data may be considered as same or similar for the purpose of the multiple identity detection
EDPS comments on the draft Decision of the European Committee of Regions on internal rules concerning restrictions of certain rights of data subjects (Article 25 of Regulation (EU) 2018/1725) (Case 2021-0345)
Outcome of the EDPS' remote audit on how European institutions, bodies and agencies (EUIs) inform individuals about the way their personal data is processed when signing up to newsletters, case 2020-0611.