Print

Regulation 2018/1725

Regulation (EU) 2018/1725 lays down the data protection obligations for the EU institutions and bodies when they process personal data and develop new policies.

The Regulation repeals Regulation (EC) 45/2001, and, in line with GDPR, adopts a principle-based approach.

The new legal instrument ensures that EU institutions and bodies provide transparent and easily accessible information on how personal data is used, as well as foresee clear mechanisms for individuals to exercise their rights; it also reconfirms, clarifies and enhances the role of data protection officers within each EU institution and of the EDPS.

Filters

17
Jul
2019

Data Protection Impact Assessment List

Under Article 39(4) of Regulation (EU) 2018/1725, the EDPS shall adopt a list of the kinds of processing operations subject to a data protection impact assessment (DPIA). Under paragraph 5 of the same Article, the EDPS may adopt a list of the kinds of processing operations not subject to a DPIA. For further information on how to use this list, please see the Accountability on the ground toolkit.

Available languages: English
16
Jul
2019

Accountability on the ground: Guidance on documenting processing operations for EU institutions, bodies and agencies

Accountability on the ground: Guidance on documenting processing operations for EU institutions, bodies and agencies (EUIs). These documents provide provisional guidance for controllers and DPO in the EUIs on how to generate records for their processing operations, how to decide whether they need to carry out data protection impact assessments (DPIAs), how to do DPIAs and when to do prior consultations to the EDPS (Articles 31, 39 and 40 of Regulation (EU) 2018/1725).

A provisional version of this text was published in February 2018. The current version 1.3 was published in July 2019.

 

Summary
Available languages: German, English, French
Part I: Records and threshold assessment
Available languages: German, English, French
Part II: DPIAs and prior consultation
Available languages: German, English, French
28
Jun
2019

EDPS comments the draft Decision of the Secretary General of the European External Action Service concerning its processing of personal data (Case 2019-0203)

EDPS comments on a draft Decision of the Secretary General of the European External Action Service on internal rules concerning restrictions of certain rights of data subiects in relation to processing of personal data in the framework of its functioning.

20
Jun
2019

EDPS comments on the European Securities and Markets Authorities draft on their processing of personal data (Case 2019-0446)

EDPS comments on the European Securities and Markets Authority (ESMA) draft internal rules concerning restrictions of certain rights of data subjects in relation to processing of personal data in the framework of the functioning of ESMA.

Available languages: English
20
Jun
2019

EDPS comments on the European Union Agency for Law Enforcement Training concerns on data rights restrictions (Case 2019-0566)

EDPS comments on the European Union Agency for Law Enforcement Training (CEPOL) draft internal rules concerning restrictions of certain rights of data subjects in the framework of the functioning of CEPOL.

Available languages: English