One of the EDPS' main tasks is to supervise personal data processing by the European institutions and bodies . This supervision work takes various forms.
The bulk of it is based on notifications of processing operations presenting specific risks. These need to be prior checked by the EDPS. Based on the facts submitted to him, the EDPS will examine the processing of personal data in relation to the Data Protection Regulation ( Regulation (EC) No 45/2001 ). In most cases, this exercise leads to a set of recommendations that the institution or body need to implement so as to ensure compliance with data protection rules.
The EDPS receives complaints from EU staff members as well as from other people who feel that their personal data have been mishandled by a European institution or body. If a complaint is admissible, the EDPS usually carries out an inquiry. The findings are communicated to the complainant, and necessary measures are adopted.
The EDPS may adopt opinions on administrative measures related to data protection adopted by European institutions and bodies.
The EDPS may carry out inquiries on his own initiative. Inquiries and inspections are essential for a supervisory authority to have the means for fact-finding, following up of cases and monitoring of compliance in general.
In order to monitor compliance with Regulation (EC) No 45/2001, the EDPS largely relies on the Data Protection Officers (DPOs) who are to be appointed in each institution/body. Apart from bilateral meetings and contacts with the DPOs, the EDPS also takes part in the regular meetings of the DPO network.
Since January 2004, the EDPS has ensured the supervision of the central unit of Eurodac. An essential aspect of this supervision is the cooperation with national supervisory authorities and the drawing up recommendations for common solutions to existing problems.
The EDPS publishes thematic guidelines on critical issues to serve as reference documents for the European administration.
In December 2010 the EDPS adopted a policy paper entitled: "Monitoring and Ensuring Compliance with Regulation (EC) 45/2001".
GDPR requires DPOs: EU institutions leading by example. Read the latest blogpost by Wojciech Wiewiórowski.
Counterterrorism and Data Privacy: A European Perspective. Read the speech by Giovanni Buttarelli given at to the symposium on Governing Intelligence: Transnational Approaches to Oversight and Security, hosted by the Center on Law and Security and the Woodrow Wilson International Center for Scholars.
Ethics at the Root of Privacy and as the Future of Data Protection. Read the address by Giovanni Buttarelli given at event hosted by Berkman Center for Internet and Society at Harvard University and the MIT Internet Policy Initiative and the MIT Media Lab.
On 16 June 2016 the EDPS will meet the civil society organisations to discuss the state of data protection and privacy in the EU. Read more and sign up here!
Privacy: The Competitive Advantage, Speech by Wojciech Wiewiórowski, London, UK
Conference on General Data Protection Regulation, Speech by Giovanni Buttarelli (via video), Copenhagen, Denmark
39th DPO meeting hosted by Eurofound, Introductory speech by Wojciech Wiewiórowski, Dublin, Ireland
European Data Protection Days, Keynote by Giovanni Buttarelli on Enduring values and sustainable solutions: The GDPR as a catalyst for individual digital rights across the globe and participation in a discussion on Chances, challenges and the latest developments in international data protection, Berlin, Germany
Intelligence Oversight Conference, New York University School of Law, Speech by Giovanni Buttarelli, New York, USA
Giovanni Buttarelli visits the Congress, Washington, D.C., USA
10th Annual Digital Regulation Forum, Policies for the Digital Single Market; an Evolution or a Revolution?, Interactive Panel Discussion: How does the emergence of online platforms affect the Digital Single Market?, Speech by Wojciech Wiewiórowski, London, UK
Annual Congress of Italian DPOs (ASSO), Speech by Giovanni Buttarelli (via video), Milan, Italy