Accessibility Tools

Supervision and enforcement

One of the EDPS' main tasks is to supervise personal data processing by the  European institutions and bodies . This supervision work takes various forms.

The bulk of it is based on notifications of processing operations presenting specific risks. These need to be prior checked by the EDPS. Based on the facts submitted to him, the EDPS will examine the processing of personal data in relation to the Data Protection Regulation ( Regulation (EC) No 45/2001 ). In most cases, this exercise leads to a set of recommendations that the institution or body need to implement so as to ensure compliance with data protection rules.

The EDPS receives complaints from EU staff members as well as from other people who feel that their personal data have been mishandled by a European institution or body. If a complaint is admissible, the EDPS usually carries out an inquiry. The findings are communicated to the complainant, and necessary measures are adopted.

The EDPS may adopt opinions on administrative measures related to data protection adopted by European institutions and bodies.

The EDPS may carry out inquiries on his own initiative. Inquiries and inspections are essential for a supervisory authority to have the means for fact-finding, following up of cases and monitoring of compliance in general. 

In order to monitor compliance with Regulation (EC) No 45/2001, the EDPS largely relies on the Data Protection Officers (DPOs) who are to be appointed in each institution/body. Apart from bilateral meetings and contacts with the DPOs, the EDPS also takes part in the regular meetings of the DPO network.

Since January 2004, the EDPS has ensured the supervision of the central unit of Eurodac. An essential aspect of this supervision is the cooperation with national supervisory authorities and the drawing up recommendations for common solutions to existing problems.

The EDPS publishes thematic guidelines on critical issues to serve as reference documents for the European administration.

In December 2010 the EDPS adopted a policy paper entitled: "Monitoring and Ensuring Compliance with Regulation (EC) 45/2001".

  • 21 October 2016

    VII edition of the Diplomacy Festival, The season of uncertainties. In search of new policies for the Coexistence and Integration,  Giovanni Buttarelli participates in the debate on Privacy shield: data exchange and trade relations EU-US, Rome, Italy

  • 19 October 2016

    38th International Conference of Data Protection and Privacy Commissioners: Opening new territories for privacy, Keynote speech by Giovanni Buttarelli, Adequacy, Localization and Cultural Determinism, Marrakesh, Morocco

  • 18 October 2016

    ISC GDPR Seminar: The Impact of the General Data Protection Regulation on collaborative science in Europe, Speech by Giovanni Buttarelli on Implications of the GDPR on Science and Research (via a video link), Brussels, Belgium

  • 18 October 2016

    Technology, Challenges and Effective Governance, IAF/FPF Side Event at ICDPPC, Speech by Giovanni Buttarelli on The Future of Technology and Data Governance, Marrakesh, Morocco

  • 17 October 2016

    Seminar on Data Protection and Privacy in the Era of New Technologies, Speech by Giovanni Buttarelli (via a video link), Belgian Senate Chamber, Brussels, Belgium

  • 17 October 2016

    38th International Conference of Data Protection and Privacy Commissioners (ICDPPC): Opening new territories for privacy, Participation of Wojciech WiewiĆ³rowski, Marrakesh, Morocco

  • 17 October 2016

    38th International Conference of Data Protection and Privacy Commissioners (ICDPPC): Opening new territories for privacy, Participation of Giovanni Buttarelli, Marrakesh, Morocco

  • 14 October 2016

    Giovanni Buttarelli meeting the Italian Federation of Private Investigators to discuss privacy codes of conduct, Rome, Italy