The new rules governing the protection of personal data in EU institutions and the formal duties of the EDPS are established in Regulation (EU) 2018/1725, which replaces Regulation (EC) No 45/2001. As the EDPS pointed out in its recent press release, the adoption of this regulation represents a fundamental step in the completion of the EU data protection framework.
What’s the role of the EDPS in all of this?
The EDPS is responsible for monitoring EU bodies and institutions in their processing of personal data and acts as an advisor for legislation and policy that are connected to privacy-related matters. That means that the EDPS supervises 66 EU agencies, bodies, offices and institutions. The EDPS itself is also an accountable controller in this situation.
Mr. Giovanni Buttarelli is the EDPS and Mr. Wojciech Wiewiórowski is the Assistant EDPS. Together they are members of the institution of the EDPS, appointed by a joint decision of the Council and the European Parliament for a 5-year mandate.
What has the EDPS done?
Over the past two years, the EDPS has regularly organised meetings with EU institution DPOs and has held multiple meetings and training sessions with both controllers and staff to raise awareness about personal data protection, highlighting accountability as a vital part of compliance. Furthermore, the “EDPS has updated and is producing new guidance documents, on topics such as accountability, risk assessment and Data Protection Impact Assessments (DPIAs), data breach notifications and transparency and information obligations.”