Print

Formal Comments

formal-comments

We issue formal comments as part of our role as advisor on all matters relating to the procesing of personal data.

Similar to our Opinions, our Formal Comments are issued in response to a request from the European Commission under Article 42(1) of Regulation (EU) 2018/1725 and address the data protection implications of a legislative proposal or a draft implementing or delegated act. Our Formal comments are usually shorter and more technical, or only address certain aspects of a proposal.

 

Filters

19
Aug
2024

EDPS Formal comments to RTS to specify the elements which a financial entity needs to determine and assess when subcontracting ICT services supporting critical or important functions as mandated by Article 30(5) of Regulation (EU) 2022/2554

EDPS Formal comments on the draft Commission Delegated Regulation supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to RTS to specify the elements which a financial entity needs to determine and assess when subcontracting ICT services supporting critical or important functions as mandated by Article 30(5) of Regulation (EU) 2022/2554.

Available languages: English
Topics
19
Aug
2024

EDPS Formal comments on criteria identifying financial entities required to perform threat-led penetration testing, requirements & standards governing use of internal testers, requirements around implementation of TLPT & facilitation of mutual recognition

EDPS Formal comments on the draft Commission Delegated Regulation supplementing Regulation (EU) 2022/2554 with regard to RTS specifying the criteria used for identifying financial entities required to perform threat-led penetration testing, the requirements and standards governing the use of internal testers, the requirements in relation to scope, testing methodology and approach for each phase of the testing, results, closure and remediation stages and the type of supervisory and other relevant cooperation needed for the implementation of TLPT and for the facilitation of mutual recognition. 

Available languages: English
Topics
22
Jul
2024

EDPS Formal comments on the draft Commission Implementing Regulation on technical standards for reporting major ICT incidents and significant cyber threats under Regulation (EU) 2022/2554.

EDPS Formal comments on the draft Commission Implementing Regulation on laying down implementing technical standards for the application of Regulation (EU) 2022/2554 with regard to the standard forms, templates and procedures for financial entities to report a major ICT-related incident and to notify a significant cyber threat.

Available languages: English
Topics
22
Jul
2024

EDPS Formal comments on the draft Commission Delegated Regulation supplementing Regulation 2022/2554 with regard to regulatory technical standards on harmonisation of conditions enabling the conduct of the oversight activities

EDPS Formal comments on the draft Commission Delegated Regulation supplementing Regulation 2022/2554 with regard to regulatory technical standards on harmonisation of conditions enabling the conduct of the oversight activities.

Available languages: English
22
Jul
2024

EDPS Formal comments on the draft Commission Delegated Regulation supplementing Regulation (EU) 2022/2554 with regulatory technical standards for reporting major ICT incidents, significant cyber threats, and related time limits

EDPS Formal comments on the draft Commission Delegated Regulation on supplementing Regulation (EU) 2022/2554 with regard to regulatory technical standards specifying the content of the reports and notifications for major ICT-related incidents and significant cyber threats and the time limits for reporting of these incidents.

Available languages: English
Topics