Factsheets

The EDPS has an ongoing investigation into Commission’s use of Microsoft Office 365 (M365).
While the ongoing investigation by the EDPS concerns the Commission in its capacity as a controller for its use of M365, the future outcome of this investigation should nevertheless be instructive for other EU institutions (EUIs) procuring of Microsoft products and services under the same inter-institutional licensing agreement with Microsoft.

All European Union (EU) institutions, bodies, offices and agencies (EUIs) process personal data in their day-to-day work.

Discover more about your rights.

In October, the EU aims to raise awareness of the risks and opportunities that some technologies entail.
Check our infographic on how to minimise risks of phishing attacks by cybercriminals.

Audits are one of the tools used by the EDPS to ensure that EUIs comply with data protection rules. When do we conduct audits? Why and which EUIs are audited? What are the three stages of an EDPS audit? This factsheet will help you to learn more on what to expect when we inspect. 

All EU institutions, offices, bodies and agencies process personal data to recruit staff, pay salaries or negotiate service contracts, for example. If this personal data is lost, stolen or obtained accidently or deliberately, it is a personal data breach. What can you do if a personal data breach occurs? When should the breach be communicated to individuals? This factsheet will help you deepen your knowledge on personal data breaches.