Coordinated Enforcement Action on the role of data protection officers
Launched in March 2023, the EDPS is taking part in the European Data Protection Board’s (EDPB) Coordinated Enforcement Action on the role and tasks of data protection officers, alongside 26 data protection authorities of the EU and the European Economic Area (EU/EEA).
Wojciech Wiewiórowski, EDPS, said: “The role of a data protection officer is crucial in ensuring that data protection law is applied within entities in the EU, and within EU institutions, bodies, offices and agencies (EUIs). By bridging the gap between EU data protection law and its practical application, data protection officers help to promote the effective protection of individuals’ privacy and personal data. Cooperating with the EDPB aims to facilitate the consistent and coherent application of data protection law, its principles, and good practices across the EU/EEA.”
The EDPS’ cooperation in the EDPB’s Coordinated Enforcement Action will focus on the role, responsibilities and tasks of data protection officers in the EUIs. To support this work, the EDPS sent today a questionnaire to EUIs’ data protection officers with the aim of checking their compliance with the applicable data protection law, Regulation (EU) 2018/1725. This may involve checking, for example, DPOs’ independence, how they provide their advice and carry out their duties in light of EUIs’ activities implying the processing of individuals’ personal data.
This Coordinated Enforcement Action is part of the EDPB’s Coordinated Enforcement Framework (CEF), which the EDPS actively participates in. The CEF aims to streamline enforcement actions and cooperation amongst the data protection authorities of the EU/EEA. The first Coordinated Enforcement Action, launched in 2022, focused on the use of cloud services by the public sector; a report on this topic can be found here. Similarly, the results of this second Coordinated Enforcement Action on data protection officers will be analysed collaboratively, and a report on the findings will be published. Further supervision and enforcement actions may follow, if necessary.
Background information
The rules for data protection in the EU institutions, as well as the duties of the European Data Protection Supervisor (EDPS), are set out in Regulation (EU) 2018/1725.
About the EDPS: The EDPS is the independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection. Our mission is also to raise awareness on risks and protect people’s rights and freedoms when their personal data is processed.
Wojciech Wiewiórowski (EDPS) was appointed by a joint decision of the European Parliament and the Council to serve a five-year term, beginning on 6 December 2019.
About the EDPB: The European Data Protection Board (EDPB) is established by the General Data Protection Regulation (GDPR). It is an independent European body, contributing to the consistent application of data protection rules throughout the European Union (EU Member States), and promotes cooperation between the EU’s Data Protection Authorities (DPA).The EDPS provides an independent secretariat to the EDPB. The Secretariat offers administrative and logistic support for the EDPB as well as performing analytical work and contribute to the EDPB’s tasks. A Memorandum of Understanding determines the terms of cooperation between the EDPB and the EDPS.
About the role of data protection officer: The role, tasks and duties of a data protection officer in the EU institutions, bodies, offices and agencies are set out in Articles 43, 44, 45 of Regulation (EU) 2018/1725. The role, tasks and duties of a data protection officer in the EU institutions, bodies, offices and agencies are set out in Articles 37, 38, 39 of the General Data Protection Regulation, applicable to entities in the EU/EEA.