European Data Protection Supervisor
European Data Protection Supervisor

Regulation 2018/1725

Regulation 2018/1725

Regulation (EU) 2018/1725 lays down the data protection obligations for the EU institutions and bodies when they process personal data and develop new policies.

The Regulation repeals Regulation (EC) 45/2001, and, in line with GDPR, adopts a principle-based approach.

The new legal instrument ensures that EU institutions and bodies provide transparent and easily accessible information on how personal data is used, as well as foresee clear mechanisms for individuals to exercise their rights; it also reconfirms, clarifies and enhances the role of data protection officers within each EU institution and of the EDPS.

Filters

Pages

17/09/2020
17
Sep
2020

EDPS comments on the EPPO’s draft revised rules on processing of personal data (Case 2020-0782)

The present comments from the EDPS refer to the draft revised rules on processing of personal data by the European Public Prosecutor's Office (EPPO).

 

DisclaimerPlease note that parts of this document were redacted to protect the internal decision making process of the EPPO. The full text of the final document referred to in this opinion, as adopted by the EPPO College, can be found at: https://ec.europa.eu/info/law/cross-border-cases/judicial-cooperation/networks-and-bodies-supporting-judicial-cooperation/european-public-prosecutors-office_en#decisions-of-the-college-of-the-eppo.

09/09/2020
9
Sep
2020

EDPS comments on the draft implementing rules on the Data Protection Officer at Eurojust (Case 2020-0710)

These comments refer to the draft implementing rules on the Data Protection Officer (DPO) at Eurojust ('the draft rules'). Our comments refer to the document submitted on 24 July 2020.

03/09/2020
3
Sep
2020

EDPS comments to the EIB concerning the DPO implementing rules and the procedure for the exercise of data subjects’ rights

EDPS comments to the EIB concerning the DPO implementing rules and the procedure for the exercise of data subjects' rights (Case 2020-0683)

01/09/2020
1
Sep
2020

Orientations from the EDPS: Body temperature checks by EU institutions in the context of the COVID-19 crisis

A number of European institutions, agencies and bodies (EUIs) have implemented body temperature checks as part of the health and safety measures adopted in the context of their “return to the office” strategy as an appropriate complementary measure, among other necessary health and safety measures, to help prevent the spread of COVID-19 contamination.

At the same time, systematic body temperature checks of staff and other visitors to filter access to EUIs premises may constitute an interference into individuals’ rights to private life and/or personal data protection. The EDPS observes that body temperature checks can be implemented through a variety of devices and processes that should be subject to careful assessment. The EDPS has decided to issue the present orientations to help EUIs and Data Protection Officers (DPOs) meet the requirements of Regulation (EU) 2018/1725 (the Regulation), where applicable.

01/09/2020
1
Sep
2020

Body temperature checks by EU institutions: Careful assessment and data protection safeguards are necessary

The European Data Protection Supervisor issued today orientations on the use of body temperature checks by Union institutions, bodies, offices and agencies (EUIs) in the context of the COVID-19 crisis, highlighting that a careful assessment and appropriate data protection safeguards are necessary.  

31/08/2020
31
Aug
2020

Informal Consultation on the application of Article 39(3)(b) of Regulation (EU) 2018/1725

Informal consultation from an EU Agency on whether a particular number of data subjects concerned by a processing should be considered as “large scale” in the sense of Article 39(3)(b) of the Regulation.

The EDPS notes that the Regulation itself does not define what constitutes “large-scale”, analyses existing guidance on the matter and concludes that in the case of the processing underlying the informal consultation, the proportion of the relevant population as well as the nature of the personal data processed and possible resulting risks cumulatively advocate for conducting a DPIA in the case at hand.

24/06/2020
24
Jun
2020

Guidance on Art. 25 of the Regulation 2018/1725

EDPS Guidance on Article 25 of the Regulation 2018/1725 and internal rules updated on 24 June 2020.

20/05/2020
20
May
2020

EDPS’ comments on EASO’s draft internal rules concerning restrictions of certain rights of data subjects (Case 2020-0468)

These comments refer to EASO’s draft implementing rules concerning restrictions on certain rights of data subjects (pursuant to Article 25 of Regulation (EU) 2018/1725).

08/05/2020
8
May
2020

Monitoring and enforcing compliance with Regulation (EU) 2018/1725

The EDPS’ role is to ensure effective protection of people’s fundamental rights and freedoms against the (mis)use of technologies, in particular in relation to the processing of personal data by the EU institutions, bodies, offices and agencies (collectively ‘EUIs’). More specifically, under Article 57 of Regulation (EU) 2018/1725 on data protection for the EUIs, one of our main tasks is to ‘monitor and enforce the application of this Regulation’. This paper explains how we will act in that role, explaining both to individuals whose data EUIs process (the data subjects) and the EUIs themselves what they can expect from us as the supervisory authority for EUI’s processing of personal data and what we expect EUIs to do.

08/05/2020
8
May
2020

47th Virtual Meeting of the Data Protection Officers and the EDPS

47th Meeting of the Data Protection Officers of the EU institutions and the European Data Protection Supervisor, virtual meeting.

AgendaPDF icon
Public CommunicationPDF icon
Use of social media by EU institutions and bodiesPDF icon
Monitoring social media - risksPDF icon
Use of social media - technical aspects mitigating measures, privacy friendly social networksPDF icon
Registers - best practices findings when inspectingPDF icon
Microsoft findings and recommendationsPDF icon
Covid-19 and data protectionPDF icon
06/05/2020
6
May
2020

Consultation on agreement for payroll services for local employees in a third country

EDPS Letter Consultation on agreement for payroll services for local employees in a third country

02/04/2020
2
Apr
2020

Report on remote inspection of publicly accessible registers under Article 31(5) of the Regulation

The EDPS has published guidance to EU institutions and bodies (“EUIs”) regarding the records of processing operations. The EDPS had previously clarified that making the register “publicly available” means publication on the internet. While initially May 2020, i.e. two years after the entry into force of the GDPR, had initially been announced by the EDPS as target date for implementation of this obligation, the EDPS noticed upon entry into force of Regulation 2018/1725, that the new Regulation contained no grace period regarding this obligation.

First Interim ReportPDF icon
Second Interim ReportFile
25/03/2020
25
Mar
2020

EDPS comments on CEDEFOP’s draft internal rules concerning restrictions of certain rights of data subjects (Case 2020-0298)

These comments refer to CEDEFOP’s draft implementing rules concerning restrictions on certain rights of data subjects (pursuant to Article 25 of Regulation (EU) 2018/1725).

18/03/2020
18
Mar
2020

2019 Annual Report - a year of transition

2019 could be described as a year of transition, across Europe and the world.  With new legislation on data protection in the EU now in place, the greatest challenge moving into 2020 and beyond is to ensure that this legislation produces the promised results. Awareness of the issues surrounding data protection and privacy, and the importance of protecting these fundamental rights, is at an all-time high and this momentum cannot be allowed to decline.

This Annual Report provides an insight into all EDPS activities in 2019, which was the last year of a five-year EDPS mandate. EDPS activities therefore focused on consolidating the achievements of previous years, assessing the progress made and starting to define priorities for the future.

HTML version: EN

Summary (HTML): EN - FR - DE

Full text of Annual Report (PDF):PDF icon
02/03/2020
2
Mar
2020

EDPS comments on the draft internal rules concerning restrictions of certain rights of data subjects in the functioning of the Executive Agencies EACEA, ERCEA, REA, INEA and EASME (Case 2020-0057)

These comments refer to the draft internal rules of the Executive Agencies EACEA, ERCEA, REA, INEA and EASME, concerning restrictions of certain rights of data subjects in relation to processing of personal data in the framework of their functioning.

27/02/2020
27
Feb
2020

EDPS informal comments on a draft Decision of the Committee of the Regions adopting implementing rules concerning Regulation (EU) 2018/1725 (Case 2020-0203)

EDPS informal comments on a draft Decision of the Committee of the Regions (CoR) adopting implementing rules concerning Regulation (EU) 2018/1725 (Case 2020-0203).

26/02/2020
26
Feb
2020

APPF’s powers and data protection obligations

Consultation by the Authority for European Political Parties and European Political Foundations (APPF) to the EDPS regarding data protection rules.

18/02/2020
18
Feb
2020

Trainings on Regulation (EU) 2018/1725 for EUI's controllers

New thematic trainings in light of Regulation (EU) 2018/1725 for EUI's controllers at the European School of Administration (EUSA), Brussels:

You may enrol on EU learn.

  • 18 February: controllers-processors / joint controllership
  • 26 February: events management
  • 4 March: controllers-processors / joint controllership (EUSA in Luxembourg!)
  • 10 March: controllers-processors / joint controllership
  • 1 July: Data protection in procurement and outsourcing processing of personal data
  • 14 September: Arrangements with processors and how to use in practice SCCs for processors adopted by the EDPS
  • 20 October: Transfers of data, in particular international transfers
  • 18 November: International transfers

03/12/2019
3
Dec
2019

Leading by Example: EDPS 2015-2019

This report provides an overview of the activities carried out by the EDPS from 2015-2019. In particular, it focuses on how the EDPS has worked towards implementing the objectives set out in the EDPS Strategy 2015-2019, which relate to digitisation, global partnerships and the modernisation of data protection. This involved not only contributing historical pieces of legislation, such as the General Data Protection Regulation and Regulation 2018/1725, but also bringing the concepts of ethics and accountability to the forefront of data protection discourse and application.

 

 

 

 

HTML:    DE   EN   FR 

HTML (Summary):    DE    EN    FR

Full text of Leading by Example: EDPS 2015-2019:PDF icon
Summary (PDF):PDF icon
14/11/2019
14
Nov
2019

Social media monitoring reports

Letter concerning a consultation on EASO's social media monitoring reports.

Pages