EDPS-DPOs meetings

A training session will be held at the EDPS premises at 15h00 concerning how to complete the form for Prior Checking Notifications under Article 27.3 and an exchange of best practice.

35th Meeting of the Data Protection Officers and the European Data Protection Supervisor – Brussels, 11-13 June 2014

Consult our latest vacancies!

In October 2013, the EDPS was notified of a data security breach involving unauthorised access to an EU Agency database which is operated by an external contractor. This database contained the names and email addresses of approximately 70 individuals. The Agency asked the EDPS for advice on how best to handle this breach, and has now implemented all our suggested remedial measures. These included carrying out a full investigation with the contractor, implementing amendments to the contract, and notifying affected data subjects.

Some EU institutions may already have their own rules in place about reporting security breaches to the relevant internal departments. Whilst we welcome this type of proactive approach, we are presently unable to provide a direct or definitive instruction on any obligations to notify security breaches to the controller or the EDPS, under current data protection law. However, the contractual changes that the Agency has implemented in this particular case indicate a positive and practical approach to data breach management, by obligating contractors to promptly notify any such breaches to the controller. This will enable the Agency to deal with any future incident in a timely and effective manner.

Reply to the update of notification on the CDR at the European Commission - further use of an unsatisfactory CDR for blocking advancement in step – 2013 review of the Staff Regulations