Help Print this page 
Title and reference
Data protection by Community institutions and bodies

Summaries of EU legislation: direct access to the main summaries page.
Languages and formats available
BG ES CS DA DE ET EL EN FR GA HR IT LV LT HU MT NL PL PT RO SK SL FI SV
HTML html ES html DE html EN html FR
Multilingual display
Text

Data protection by Community institutions and bodies

This Regulation aims to protect personal data processed by European Union (EU) institutions and bodies.

ACT

Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the institutions and bodies of the Community and on the free movement of such data.

SUMMARY

This Regulation contains provisions aiming to protect personal data processed by European Union (EU) institutions and bodies.

These provisions aim to ensure a high level of protection for personal data managed by Community institutions and bodies. In particular, such data have to be:

  • processed fairly and lawfully;
  • collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;
  • adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed;
  • accurate and, where necessary, kept up to date (all reasonable steps should be taken to ensure that data which are inaccurate or incomplete in relation to the purposes for which they are collected or for which they are further processed, are erased or rectified);
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are collected or for which they are further processed.

This Regulation also provides for the establishment of a “European Data Protection Authority”, an independent Community authority responsible for monitoring the correct application of the data protection rules by the EU institutions and bodies. This authority will be comparable to the data protection authorities established by Member States in accordance with Directive 95/46/EC on data protection. Citizens will thus be able to lodge complaints directly with that authority if they consider their data protection rights under the Regulation have not been respected.

Each Community institution and body shall appoint at least one person as Data Protection Officer with the task of cooperating with the Data Protection Supervisor and ensuring that the rights and freedoms of the data subjects are unlikely to be adversely affected by the data processing.

Citizens enjoy legally enforceable rights under the Regulation, such as the right to access, rectify, block or delete personal data relating to them in files held by the Community institutions and bodies.

Background

The data protection methods in this Regulation are based on the provisions of Directive 95/46/EC.

References

Act

Entry into force

Deadline for transposition in the Member States

Official Journal

Regulation (EC) No 45/2001

1.2.2001

-

OJ L 8 of 12.1.2001

RELATED ACTS

Commission Decision 2008/597/EC of 3 June 2008 adopting implementing rules concerning the Data Protection Officer pursuant to Article 24(8) of Regulation (EC) No 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data [Official Journal L 193 of 22.7.2008].

This Decision defines the rules and procedures for implementation of the function of Data Protection Officer within the Commission (appointment, status, duties, powers, etc.).

website.

See also

European Data Protection Supervisor Website

Last updated: 03.10.2008

Top