EDPS report: EU Institutions’ resilience to COVID-19

Today, the European Data Protection Supervisor (EDPS) published a report on the new processing operations,  and on the IT tools that EU institutions, bodies, offices and agencies (EUIs) introduced to ensure business continuity during the COVID-19 pandemic and the compliance of these activities with Regulation (EU) 2018/1725.

The report is based on an earlier survey and comprises three parts: new processing operations implemented by EUIs; IT tools implemented or enhanced by EUIs to enable teleworking; and new processing operations implemented by EUIs in charge of tasks related to public health.

Wojciech Wiewiórowski, EDPS, said: “EUIs made substantial efforts to ensure that new processing operations introduced in response to the COVID-19 pandemic were compliant with the Regulation in very short timeframes. This report enables the EDPS to provide further guidance to EUIs with regard to data protection aspects that deserve closer consideration. I invite EUIs to reassess their existing processing operations put in place during the pandemic, with the report’s recommendations in mind. The report’s conclusions also have relevance given that COVID-19’s long-lasting legacy may have an impact on EUIs’ operations concerning teleworking and remote recruitment practices for example.”

The dynamic evolution of the COVID-19 pandemic means that EUIs must continually adapt their processes. The report aims to support them in what appears to be a long-lasting challenge, which will likely continue to have an impact even after the end of the pandemic.

The survey results will feed into updating existing EDPS guidelines, or contribute to the development of new guidelines, depending on the evolution of the pandemic and the new practices that will continue once it is over. The survey results will also inform the EDPS’ execution of audits and investigations under Article 58 of Regulation (EU) 2018/1725.