RSS
Alphabetical index
This page is available in 4 languages

We are migrating the content of this website during the first semester of 2014 into the new EUR-Lex web-portal. We apologise if some content is out of date before the migration. We will publish all updates and corrections in the new version of the portal.

Do you have any questions? Contact us.


Data protection by Community institutions and bodies

This Regulation aims to protect personal data processed by European Union (EU) institutions and bodies.

ACT

Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the institutions and bodies of the Community and on the free movement of such data.

SUMMARY

This Regulation contains provisions aiming to protectpersonal data processed by European Union (EU) institutions and bodies.

These provisions aim to ensure a high level of protection for personal data managed by Community institutions and bodies. In particular, such data have to be:

  • processed fairly and lawfully;
  • collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;
  • adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed;
  • accurate and, where necessary, kept up to date (all reasonable steps should be taken to ensure that data which are inaccurate or incomplete in relation to the purposes for which they are collected or for which they are further processed, are erased or rectified);
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are collected or for which they are further processed.

This Regulation also provides for the establishment of a “European Data Protection Authority”, an independent Community authority responsible for monitoring the correct application of the data protection rules by the EU institutions and bodies. This authority will be comparable to the data protection authorities established by Member States in accordance with Directive 95/46/EC on data protection. Citizens will thus be able to lodge complaints directly with that authority if they consider their data protection rights under the Regulation have not been respected.

Each Community institution and body shall appoint at least one person as Data Protection Officer with the task of cooperating with the Data Protection Supervisor and ensuring that the rights and freedoms of the data subjects are unlikely to be adversely affected by the data processing.

Citizens enjoy legally enforceable rights under the Regulation, such as the right to access, rectify, block or delete personal data relating to them in files held by the Community institutions and bodies.

Background

The data protection methods in this Regulation are based on the provisions of Directive 95/46/EC.

REFERENCES

ActEntry into forceDeadline for transposition in the Member StatesOfficial Journal

Regulation (EC) No 45/2001

1.2.2001-OJ L 8 of 12.1.2001

RELATED ACTS

Commission Decision 2008/597/EC of 3 June 2008 adopting implementing rules concerning the Data Protection Officer pursuant to Article 24(8) of Regulation (EC) No 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data [Official Journal L 193 of 22.7.2008].

This Decision defines the rules and procedures for implementation of the function of Data Protection Officer within the Commission (appointment, status, duties, powers, etc.).

website.

This summary is for information only. It is not designed to interpret or replace the reference document, which remains the only binding legal text.

Last updated: 03.10.2008
Legal notice | About this site | Search | Contact | Top