Accessibility Tools

Supervision and enforcement


One of the EDPS' main tasks is to supervise personal data processing by the  European institutions and bodies . This supervision work takes various forms.

The bulk of it is based on notifications of processing operations presenting specific risks. These need to be prior checked by the EDPS. Based on the facts submitted to him, the EDPS will examine the processing of personal data in relation to the Data Protection Regulation ( Regulation (EC) No 45/2001 ). In most cases, this exercise leads to a set of recommendations that the institution or body need to implement so as to ensure compliance with data protection rules.

The EDPS receives complaints from EU staff members as well as from other people who feel that their personal data have been mishandled by a European institution or body. If a complaint is admissible, the EDPS usually carries out an inquiry. The findings are communicated to the complainant, and necessary measures are adopted.

The EDPS may adopt opinions on administrative measures related to data protection adopted by European institutions and bodies.

The EDPS may carry out inquiries on his own initiative. Inquiries and inspections are essential for a supervisory authority to have the means for fact-finding, following up of cases and monitoring of compliance in general. 

In order to monitor compliance with Regulation (EC) No 45/2001, the EDPS largely relies on the Data Protection Officers (DPOs) who are to be appointed in each institution/body. Apart from bilateral meetings and contacts with the DPOs, the EDPS also takes part in the regular meetings of the DPO network.

Since January 2004, the EDPS has ensured the supervision of the central unit of Eurodac. An essential aspect of this supervision is the cooperation with national supervisory authorities and the drawing up recommendations for common solutions to existing problems.

The EDPS publishes thematic guidelines on critical issues to serve as reference documents for the European administration.

In December 2010 the EDPS adopted a policy paper entitled: "Monitoring and Ensuring Compliance with Regulation (EC) 45/2001".

  • 05 February 2016

    Opening address given by Giovanni Buttarelli, EDPS, at the Fifth Workshop on Data Protection in International Organisations

  • 03 February 2016

    On 2 and 3 February 2016, the Article 29 Working Party (WP29) met to discuss the consequences of the CJEU judgment in the Schrems case for international transfers. Read the statement on the introduction of a "EU-US Privacy Shield".

  • 02 February 2016

    On 5 February 2016, the EDPS and the International Committee of the Red Cross will host a workshop on data protection within international organisations, which will take place in Geneva. For more information see the EDPS Events page.

  • 28 January 2016

    EDPS starts work on a New Digital Ethics. Read the press release.

  • 28 January 2016

    The EDPS is celebrating 10 years of Data Protection Day! Watch our video, follow our events live and get involved in the debate on Twitter #DataProtectionDay. Information on all our events can be found on the EDPS Events page.

  • 05 February 2016

    Data Protection Within International Organisations, Geneva, Switzerland, Giovanni Buttarelli chairs the morning session and speaks at the workshop

  • 29 January 2016

    9th International CPDP Conference, Brussels, Belgium, concluding remarks by Giovanni Buttarelli

  • 28 January 2016

    9th International CPDP Conference, Brussels, Belgium, Giovanni Buttarelli moderates panel on Transatlantic Discussions: Developing a Sustainable 'Big Data' Ecosystem - Diverse Approaches to the ...

  • 28 January 2016

    9th International CPDP Conference, Brussels, Belgium, Giovanni Buttarelli chairs panel on Data, Dignity and Technology - Exploring Digital Ethics

  • 28 January 2016

    Smart Sharing, Data Protection Day conference for trainees at the EU institutions, Brussels, Belgium, Giovanni Buttarelli and Wojciech Wiewiórowski speak at the conference

  • 28 January 2016

    GDPR: A new chapter for EU data protection - how the new Regulation will empower you to take control of your personal information, Data Protection Day conference for EU officials, ...

  • 27 January 2016

    9th International CPDP Conference, Brussels, Belgium, Wojciech Wiewiórowski moderates panel on The Data Protection Reform: The Reform in Perspective

  • 08 December 2015
    The Industrial Internet Era, Brussels, Belgium, Wojciech Wiewiórowski takes part in panel Cybersecurity, Privacy and the Industrial IoT