Answer regarding notification for prior checking (Notification) under Article 27 of Regulation 45/2001 (the Regulation) from the Data Protection Officer (DPO) of the General Secretariat of the Council of the European Union (SGC) on the Security Awareness Computer-based Learning Modules processing operations (Case 2011-1058)
Opinion of 10 January 2008 on a notification on e-Tendering application covering the Council's public procurement procedures (Case 2007-573)
Some of the recommendations made by the EDPS are the following: It was underlined that a set of predefined data should be kept in the light of the duration of each long term contract awarded in each case. Thus, depending on the duration of the contract, data should be erased immediately after they are no longer in use. Moreover, a precise period for the conservation of registered data should be adopted; it should not be excessive to the purpose for which they will further be processed. In the declaration on "personal data protection", it was pointed out, inter alia, that the obligation of the economic operators to inform their employees or subcontractors about their rights related to Article 11 and 12 of the Regulation should be mentioned. The economic operators should make sure that all relevant information, which will be published on the site of the Council, can be accessible to them. It should also be indicated in the Confidentiality agreement that the experts have a legal obligation to process data in conformity with the principles of data protection as provided in Regulation 45/2001.
Opinion of 23 January 2006 on the notification for prior checking relating to recordings of communications made over the Security Centre's telephone lines, building interphones and radios used by the General Secretariat of the Council (GSC) Security, Prevention and Medical Departments (Case 2005-364)
Summary of Case 2017-0969:
The Council established a network of first-aiders on the basis of the Staff Regulations and the rules in the area of well-being at work. Under Belgian law in that field, the employer keeps a register in which the employee who carries out a first-aid intervention must indicate particular information concerning his intervention. The Council decided to implement a staff first-aid intervention register (first-aider record book) and a register of first-aid intervention for the medical service for instances where the medical service intervenes (on site and/or after transport of the casualty to its premises). The data subjects must be duly informed about the protection of personal data. In the light of the sensitive nature of those data and the urgent nature of the work of the first-aider, it is also essential that appropriate measures be implemented in order to guarantee the security of the personal data contained in the first-aider record book.