Regulation (EU) 2018/1725 lays down the data protection obligations for the EU institutions, bodies and agencies when they process personal data and develop new policies. This regulation also defines the obligations of the EDPS, including his role as an independent supervisory authority of EU institutions and bodies when they process personal data, and to advise on policies and legislation which affect privacy and cooperate with similar authorities to ensure consistent data protection.
This Report, based on a survey carried out in February 2020, is on the European Institutions' use of Data Protection Impact Assessments (DPIAs), case 2020-0066
This paper presents the issues raised by the EDPS’ own-initiative investigation into European institutions’, bodies’, offices’ and agencies’ (‘EU institutions’) use of Microsoft products and services. These findings and recommendations from the investigation are likely to be of wider interest than just of the EU institutions: they may be of particular interest to all public authorities in EU/EEA Member States.
EDPS comments on Eurojust’s draft internal rules concerning restrictions of certain data subjects’ rights (Article 25 of the Regulation (EU) 2018/1725)
Consultation from an European Institution on the relationship with its contractor for providing travel agency services. The contractor considers that it should be a separate controller; the EDPS analyses the relationship at hand, the consequences of different legal constructions, and concludes that a controller-processor relationship is the most appropriate arrangement.
These comments refer to EASO’s draft implementing rules concerning restrictions on certain rights of data subjects (pursuant to Article 25 of Regulation (EU) 2018/1725).