OLAF’s daily work involves the processing of large amounts of sensitive personal data. As a service of the European Commission, OLAF is subject to Regulation (EC) 45/2001 on the protection of individuals with regard to the processing of personal data by Community institutions and bodies and is thus under the supervisory powers of the European Data Protection Supervisor (EDPS). OLAF conducts administrative investigations in full independence, both internally – concerning the EU institutions and bodies – and externally – concerning economic operators located in the Member States and third countries. In order to help protect its independence when conducting investigations, OLAF is the only service of the European Commission that has appointed its own Data Protection Officer (DPO); the Commission has appointed one DPO for all of the other services combined. OLAF operates in a highly complex environment in which the demands of the data protection regulation touch the work of its investigators on a daily basis. OLAF is fully committed to fulfilling these demands.
OLAF Personal Data Processing Operations
Legal framework for data protection
Instructions to Staff on Data Protection for Investigative Activities