Rules
As any other European Institution, the European Commission is subject to specific legal obligations concerning the protection of personal data and their processing. These obligations are described in Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data. It repeals Regulation (EC) No 45/2001 and Decision No 1247/2002/EC.
Scope
Any operation performed upon information related to a natural person is defined as processing of personal data. Some examples include collection, recording, storage, alteration, use, disclosure and transfer of personal data.
Contact and support
- each institution or body appoints at least one person as Data Protection Officer. Within the European Commission, the Data Protection Officer (DPO) ensures, in an independent manner, that the Commission applies correctly the law protecting individuals’ personal data. The DPO keeps a public register explaining all operations carried out by the Commission that involve processing personal data
- within the Commission, the first level of contact for any data protection related issues is the DG's Data Protection Coordinator (Restricted access).
- for all the institutions, the European Data Protection Supervisor acts as an independent supervisory authority (see art. 52 to 60 of the Regulation)
For more details, please consult:
- Data Protection Officer of the European Commission
- the Data Protection Officer of the European Commission on MyIntracomm (Restricted access)
- Register of the Data Protection Officer
- EDPS Resources - Guidelines on the protection of personal data processed through web services provided by EU institutions