As any other European Institution, the European Commission is subject to specific legal obligations concerning the protection of personal data and their processing. These obligations are described in Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC.
The new regulation is applicable as of 11 Dec 2018.
Any operation performed upon information related to a natural person is defined as processing of personal data. Some examples include collection, recording, storage, alteration, use, disclosure and transfer of personal data.
Each institution or body appoints at least one person as Data Protection Officer.
Within the European Commission, the Data Protection Officer (DPO) ensures, in an independent manner, that the Commission applies correctly the law protecting individuals’ personal data. The DPO keeps a public register explaining all operations carried out by the Commission that involve processing personal data.
For all the Institutions, the European Data Protection Supervisor acts as an independent supervisory authority (see art. 52 to 60 of the Regulation).
Who can help?
The first level of contact for data protection related issues is the DG's Data Protection Coordinator.
- Data Protection Officer of the European Commission
- the Data Protection Officer of the European Commission on MyIntracomm
- Register of the Data Protection Officer
- EDPS Resources - Guidelines on the protection of personal data processed through web services provided by EU institutions