The European Data Protection Supervisor (EDPS), which monitors
EU bodies for data protection compliance and advises them on
policy, said that it will increase its use of spot checks, but that
it was happy with the progress of EU bodies in complying with the
law.
The EDPS has produced a report on how well EU bodies and
agencies are compying with data protection law. The report found
that there had been a marked improvement since the first such
report last year.
"Community institutions have overall made good progress in
meeting their data protection requirements," said an EDPS
statement. "A lower level of compliance is observed in Community
agencies, but the EDPS will be monitoring this closely and will
encourage further compliance."
The organisation said that despite the improvements it would
step up its use of inspections. "The EDPS will increasingly proceed
with on the spot inspections in institutions or agencies in view of
checking the reality and encouraging compliance," it said.
The Data Protection Regulations which govern EU bodies' use of
personal data recommend that each organisation should have a list
of processes which use personal data. Almost all do, said the EDPS,
though EU agencies fare less well.
"The EDPS is satisfied that all but one institution now have an
inventory of processing operations involving personal data, which
allows a more systematic approach to implementation," said the
EDPS. Of the 22 EU agencies which responded to the report, 18 have
such inventories, the EDPS said.
Some of the EU agencies whose data protection officers
(DPOs) had not been notified about all personal data
processing said that they did not have the resources to comply with
the law. The EDPS said that those who run the agencies must make
sure they are aware of their legal obligations.
"The EDPS takes note of the issue of lack of resources afforded
to data protection within the agencies and will remind Directors of
agencies not only of the legal obligation to respect the provisions
laid down in [the Regulations]…but also of the obligation to
provide the DPO with the necessary resources to carry out his/her
functions," it said.
"I am pleased to see that compliance with data protection rules
is developing in Community institutions and agencies," said Data
Protection Supervisor Peter Hustinx. "Further progress is however
needed to fully translate those legal obligations in concrete
technical and organisational arrangements that enable privacy
safeguards to be ensured."
"In my role as supervisor, I will continue to encourage
compliance in the EU administration by measuring progress,
including more systematic verifications on the spot, and setting
targets where needed," he said.
Disclaimer: We hope you find OUT-LAW’s content useful. It’s prepared by the lawyers at Pinsent Masons. Please remember, though, that it’s intended as general information only. It’s not legal advice. If that’s what you’re seeking, please
contact us. See also: our
full disclaimer
