EU News
Printable version E-mail this to a friend

EDPS general survey shows that EU institutions and bodies have different levels of data protection compliance

Yesterday, the European Data Protection Supervisor (EDPS) published the results of his latest general survey of compliance with the Data Protection Regulation. EU institutions and bodies process personal data both in their daily work and in their core business activities. In both cases they have to comply with data protection principles and obligations and respect the rights of the individuals involved. In his latest stock-taking exercise, the EDPS has analysed the performance of all 58 EU institutions and bodies in certain key areas.

The report emphasises the progress made by institutions and bodies in implementing the Regulation, but also underlines shortcomings. Institutions and bodies have been divided in four groups to allow meaningful comparison between peers. Benchmarks have been established on the basis of the results achieved in each group, indicating the threshold that an institution or body should reasonably meet. Within these peer groups, institutions and bodies are scoring differently on data protection compliance and some of them clearly fail to meet reasonable expectations.

Peter Hustinx, EDPS, states: "I am concerned that not all EU institutions and bodies are performing as well as they should. Implementation of data protection principles is not only a matter of time and resources, but also of organisational will. Ensuring compliance is a process that requires the commitment and support of the hierarchy in all institutions and bodies."

The results of this survey will be taken into account by the EDPS in planning guidance to institutions and bodies, enforcement actions and other measures to promote accountability. In this respect, in addition to EDPS inspections, a number of targeted visits have been planned on the basis of the outcome of this exercise. Such visits typically lead to an agreed roadmap of follow up activities in order to boost compliance.

In 2012, the EDPS intends to visit the European Aviation Safety Agency (EASA), the European Centre for Disease Prevention and Control (ECDC), the European Training Foundation (ETF), the European Research Council Executive Agency (ERCEA) and the Research Executive Agency (REA).

The European Data Protection Supervisor (EDPS) is an independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies. He does so by:

  • monitoring the EU administration's processing of personal data;

  • advising on policies and legislation that affect privacy;

  • cooperating with similar authorities to ensure consistent data protection.

The report is available on EDPS´ website. For more information: