Regulation (EU) 2018/1725 lays down the data protection obligations for the EU institutions, bodies and agencies when they process personal data and develop new policies. This regulation also defines the obligations of the EDPS, including his role as an independent supervisory authority of EU institutions and bodies when they process personal data, and to advise on policies and legislation which affect privacy and cooperate with similar authorities to ensure consistent data protection.
Avis du 17 janvier 2008 sur la notification d'un contrôle préalable à propos du dossier "appel d'offre et passation d'un contrat avec un traducteur freelance" (Dossier 2007-327)
Opinion of 11 January 2008 on a notification for prior checking concerning the "Staff evaluation / assessment exercise" (Case 2007-334)
ii) the preparation of a note referring clearly to all elements provided in Articles 11 and 12 of the Regulation and making sure that the data subjects are informed of this note before the exercises of the probationary period assessment and of the staff's annual appraisal begin.
Opinion of 11 January 2008 on a notification for prior checking on the Call center technology (Case 2007-583)
The EDPS recommendations provided in this opinion aim to ensure the full compliance with the Regulation 45/2001, in particular, as regards the storage periods, the scope of the right of access and the requirements for data transfers to service providers established in non-adequate countries.
Opinion of 10 January 2008 on a notification on e-Tendering application covering the Council's public procurement procedures (Case 2007-573)
Some of the recommendations made by the EDPS are the following: It was underlined that a set of predefined data should be kept in the light of the duration of each long term contract awarded in each case. Thus, depending on the duration of the contract, data should be erased immediately after they are no longer in use. Moreover, a precise period for the conservation of registered data should be adopted; it should not be excessive to the purpose for which they will further be processed. In the declaration on "personal data protection", it was pointed out, inter alia, that the obligation of the economic operators to inform their employees or subcontractors about their rights related to Article 11 and 12 of the Regulation should be mentioned. The economic operators should make sure that all relevant information, which will be published on the site of the Council, can be accessible to them. It should also be indicated in the Confidentiality agreement that the experts have a legal obligation to process data in conformity with the principles of data protection as provided in Regulation 45/2001.
Opinion of 10 January 2008 on a notification for prior checking on "AGS-EDV Database at JRC-ITU in Karlsruhe" (Case 2007-378)
The Radioprotection Service of the JRC Institute for Transuranium Elements (ITU) in Karlsruhe processes health related data of occupationally exposed workers and visitors in accordance with the respective legal obligations laid down in the German Ionising Radiation Protection Regulation implementing Euratom Directives 96/29 and 90/641. The processing operations concern the handling of personal radiation data coming from internal and external dosimetry measurements by two external research centres, as well as the management of the respective database set to detect overexposure to the ionising radiation risks.
The EDPS recommendations provided in this opinion aim to ensure the full compliance with the Regulation 45/2001 and concern, in particular, the information to be provided to the data subjects, as well as the necessity to comply with the confidentiality and security obligations by all subjects involved in this data processing.