According to Giovanni Buttarelli, the European Data Protection Supervisor (EDPS), in charge of ensuring that European institutions and bodies respect the right to privacy and data protection when they process personal data and develop new policies, EU institutions are better at complying with data protection rules and privacy principles than ever before.
In 2015, EDPS survey addressed the state of registers and inventories as well as the transfers to non-EU countries and the involvement of data protection officers in the development of new processing operations.
Giovanni Buttarelli, EDPS, said:
“As the EU’s independent supervisory authority, it is the EDPS’ role to keep EU institutions on track in fulfilling their data protection obligations. The institutions themselves are accountable for applying the rules and integrating data protection principles in their daily work. I am pleased that the results of our Survey confirm that they increasingly do.”
The report concludes that the well-established institutions now need to focus on maintaining proper inventories and keeping up notification rates to their data protection officers and the EDPS. Less mature institutions have made up ground, with several agencies reporting 100% of their processing activities. The Innovation & Networks Executive Agency (INEA) is a success story, as well as Frontex, which moved from being a cause for concern to a solid middle-field performer.
Where progress has slowed down, the EDPS intends to provide support in the form of targeted guidance activities, assistance and training or more robust action to ensure that data protection is respected as a EU fundamental right. EU institutions concerned such as the Agency for the Cooperation of Energy Regulators (ACER) and the European External Action Service (EEAS) for instance are principally the newest agencies and bodies, which are still in the process of setting up their business processes.
Wojciech Wiewiórowski, European Data Protection Assistant Supervisor, said:
“Although the Survey is technical in nature and focused on formal compliance with data protection rules, it is also useful for assessing the state of play and general trends as well. The survey and report indicate to the EU institutions, and anyone else who may be interested, that they are being fairly assessed; as the results feed into the choices that we make about the EDPS supervision and enforcement activities for the year, the procedure promotes transparency. Where progress is slow or has slowed down, for instance in notifications to the EDPS, we will provide support to the institutions to ensure that data protection becomes a reflex.”