Editor’s Note: Within the European Union, data protection is viewed as a fundamental right, protected by European law and enshrined in Article 8 of the Charter of Fundamental Rights of the European Union. To protect and guarantee the rights to data protection and privacy within the EU, the processing of personal data is subject to control by an independent authority. The European Data Protection Supervisor (EDPS) is the EU’s independent data protection authority.
An extract from the 2019 Annual EDPS Report (March 2020)
The European Data Protection Supervisor (EDPS)
The European Data Protection Supervisor (EDPS) ensures that the European Union’s institutions, offices, bodies and agencies respect the fundamental rights to privacy and data protection, whether they process personal data or are involved in developing new policies that may involve the processing of personal data.
The EDPS has four main fields of work:
• Supervision: We monitor the processing of personal data by the EU administration and ensure that they comply with data protection rules. Our tasks range from conducting investigations to handling complaints and prior consultations on processing operations.
• Consultation: We advise the European Commission, the European Parliament, and the Council on proposals for new legislation and other initiatives related to data protection.
• Technology monitoring: We monitor and assess technological developments, where they have an impact on the protection of personal data, from an early stage, with a particular focus on the development of information and communication technologies.
• Cooperation: Among other partners, we work with national data protection authorities (DPAs) to promote consistent data protection across the EU. Our main platform for cooperation with DPAs is the European Data Protection Board (EDPB), for which we also provide the secretariat.
Up until 11 December 2018, the EU institutions had to comply with the data protection rules set out in Regulation 45/2001. On 11 December 2018, Regulation 45/2001 was replaced by Regulation (EU) 2018/1725. It is the job of the EDPS to enforce these rules.
Regulation 2018/1725 is the EU institutions’ equivalent to the General Data Protection Regulation (GDPR). The GDPR became fully applicable across the EU on 25 May 2018 and sets out the data protection rules with which all private and the majority of public organizations operating in the EU must comply. It also tasks the EDPS with providing the secretariat for the EDPB.
The 2019 EDPS Annual Report2020-03-17-2019 EDPS Annual Report
- Cyber Actors and Criminals: Two Cybersecurity Updates from the FBI
- New from NIST: Integrating Cybersecurity and Enterprise Risk Management (ERM)