EUR-Lex Access to European Union law

Back to EUR-Lex homepage

This document is an excerpt from the EUR-Lex website

Document 32020Q0626(01)

Decision of the European Data Protection Supervisor of 15 May 2020 adopting the Rules of Procedure of the EDPS

OJ L 204, 26.6.2020, p. 49–59 (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

Legal status of the document In force: This act has been changed. Current consolidated version: 13/11/2022

ELI: http://data.europa.eu/eli/proc_rules/2020/626/oj

26.6.2020   

EN

Official Journal of the European Union

L 204/49


DECISION OF THE EUROPEAN DATA PROTECTION SUPERVISOR

of 15 May 2020

adopting the Rules of Procedure of the EDPS

THE EUROPEAN DATA PROTECTION SUPERVISOR

Having regard to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (1), and in particular Article 57(1)(q) thereof,

Whereas:

(1)

Article 8 of the Charter of Fundamental Rights of the European Union and Article 16 of the Treaty on the Functioning of the European Union provide that compliance with the rules relating to the protection of individuals with regard to the processing of personal data concerning them shall be subject to control by an independent authority.

(2)

Regulation (EU) 2018/1725 provides for the establishment of an independent authority, referred to as the European Data Protection Supervisor (EDPS), responsible for ensuring that the fundamental rights and freedoms of natural persons, and in particular their right to data protection, with respect to the processing of personal data, are respected by the Union institutions, bodies, offices and agencies.

(3)

Regulation (EU) 2018/1725 also provides for the duties and powers of the EDPS as well as for the appointment of the European Data Protection Supervisor.

(4)

Regulation (EU) 2018/1725 further provides that the European Data Protection Supervisor should be assisted by a Secretariat and lays down a number of provisions concerning staff and budgetary matters.

(5)

Other provisions of Union law also provide for tasks and powers for the EDPS, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council (2), Directive (EU) 2016/680 of the European Parliament and of the Council (3), Regulation (EU) 2016/794 of the European Parliament and of the Council (4), Regulation (EU) 2018/1727 of the European Parliament and of the Council (5) and Regulation (EU) 2017/1939 of the European Parliament and of the Council (6).

(6)

After consulting the Staff Committee of the EDPS,

HAS ADOPTED THIS DECISION:

TITLE I

MISSION, DEFINITIONS, GUIDING PRINCIPLES AND ORGANISATION

CHAPTER I

Mission and definitions

Article 1

The EDPS

The EDPS shall act in accordance with the provisions of Regulation (EU) 2018/1725, any other relevant Union legal act and this Decision, and follow the strategic priorities which the European Data Protection Supervisor may set out.

Article 2

Definitions

For the purposes of this Decision, the following definitions apply:

(a)

‘the Regulation’ means Regulation (EU) 2018/1725;

(b)

‘GDPR’ means Regulation (EU) 2016/679;

(c)

‘‛institution’ means a Union institution, body, office or agency subject to the Regulation or to any other Union legal act providing for tasks and powers for the European Data Protection Supervisor;

(d)

‘EDPS’ means the European Data Protection Supervisor as a body of the Union;

(e)

‘European Data Protection Supervisor’ means the European Data Protection Supervisor appointed by the European Parliament and the Council in accordance with Article 53 of the Regulation;

(f)

‘EDPB’ means the European Data Protection Board as a body of the Union established by Article 68(1) of the GDPR;

(g)

‘EDPB’ secretariat’ means the secretariat of the EDPB established by Article 75 of the GDPR.

CHAPTER II

Guiding principles

Article 3

Good governance, integrity and good administrative behaviour

1.   The EDPS shall act in the public’s interest as an expert as well as an independent, reliable, proactive and authoritative body in the field of privacy and personal data protection.

2.   The EDPS shall act in accordance with the EDPS Ethics Framework.

Article 4

Accountability and transparency

1.   The EDPS shall periodically publish its strategic priorities and an Annual Report.

2.   The EDPS, as a data controller, shall lead by example in respecting the applicable law on the protection of personal data.

3.   The EDPS shall engage openly and transparently with the media and stakeholders and explain its activities to the public in a clear language.

Article 5

Efficiency and effectiveness

1.   The EDPS shall use state-of-the-art administrative and technical means to maximise the efficiency and effectiveness in carrying out its tasks, including internal communication and appropriate delegation of tasks.

2.   The EDPS shall implement appropriate mechanisms and tools to ensure the highest level of quality management, such as internal control standards, a risk management process and the annual activity report.

Article 6

Cooperation

The EDPS shall promote cooperation among data protection supervisory authorities as well as with any other public authority whose activities may have an impact on privacy and personal data protection.

CHAPTER III

Organisation

Article 7

Role of the European Data Protection Supervisor

The European Data Protection Supervisor shall decide the strategic priorities of the EDPS and adopt the policy documents corresponding to the tasks and powers of the EDPS.

Article 8

EDPS secretariat

The European Data Protection Supervisor shall determine the organisational structure of the EDPS secretariat. Without prejudice to the Memorandum of Understanding between the EDPS and the EDPB of 25 May 2018, in particular relating to the EDPB secretariat, the structure shall reflect the strategic priorities set by the European Data Protection Supervisor.

Article 9

The Director and the Appointing Authority

1.   Without prejudice to the Memorandum of Understanding between the EDPS and the EDPB of 25 May 2018, in particular point VI(5) thereof, the Director shall exercise the powers vested in the Appointing Authority within the meaning of Article 2 of the Staff Regulations of officials of the European Union laid down by Council Regulation (EEC, Euratom, ECSC) No 259/68 (7) and the powers vested in who is authorised to conclude contracts of employment within the meaning of Article 6 of the Conditions of Employment of other servants of the European Union laid down by Regulation (EEC, Euratom, ECSC) No 259/68 and any other related powers resulting from other administrative decisions both internal to the EDPS or of an inter-institutional nature, insofar as the decision of the European Data Protection Supervisor on the exercise of the powers vested in the Appointing Authority and in who is authorised to conclude contracts of employment does not provide otherwise.

2.   The Director may delegate the exercise of the powers referred to in paragraph 1 to the official responsible for the management of human resources.

3.   The Director shall be the reporting officer for the Data Protection Officer, the Local Security Officer, the Local Information Security Officer, the Transparency Officer, the Legal Service Officer, the Ethics Officer and the Internal Control Coordinator for the tasks relating to these functions.

4.   The Director shall assist the European Data Protection Supervisor to ensure consistency and overall coordination of the EDPS and on any other tasks delegated to him or her by the European Data Protection Supervisor.

5.   The Director may adopt the EDPS decisions on the application of the restrictions based on the EDPS internal rules implementing Article 25 of the Regulation.

Article 10

Management Meeting

1.   The Management Meeting shall comprise the European Data Protection Supervisor, the Director and the Heads of Units and Sectors and shall ensure strategic oversight of the work of the EDPS.

2.   Where the Management Meeting concerns issues relating to human resources, budget, finance or administrative matters relevant for the EDPB or the EDPB secretariat, it shall also comprise the Head of the EDPB secretariat.

3.   The Management Meeting shall be chaired by the European Data Protection Supervisor, or in cases he or she is unable to attend the meeting, by the Director. As a rule, the Management Meeting shall take place once per week.

4.   The Director shall ensure the proper functioning of the secretariat of the Management Meeting.

5.   The meetings shall not be public. Discussions shall be confidential.

Article 11

Delegation of tasks and deputising

1.   The European Data Protection Supervisor may delegate to the Director, where appropriate and in accordance with the Regulation, the power to adopt and sign legally binding decisions, the substance of which has already been determined by the European Data Protection Supervisor.

2.   The European Data Protection Supervisor may also delegate, where appropriate and in accordance with the Regulation, to the Director or to the Head of Unit or Head of Sector concerned, the power to adopt and sign other documents.

3.   Where powers have been delegated to the Director pursuant to paragraphs 1 or 2, the Director may sub-delegate them to the Head of Unit or Head of Sector concerned.

4.   Where the European Data Protection Supervisor is prevented from exercising his or her functions or the post is vacant and no European Data Protection Supervisor has been appointed, the Director, where appropriate and in accordance with the Regulation, shall perform tasks and duties of the European Data Protection Supervisor which are necessary and urgent to ensure business continuity.

5.   Where the Director is prevented from exercising his or her functions or the post is vacant and no official has been designated by the European Data Protection Supervisor, the functions of the Director shall be exercised by the Head of Unit or Head of Sector with the highest grade or, in the event of equal grade, by the Head of Unit or Head of Sector with the highest seniority within the grade or, in the event of equal seniority, by the eldest.

6.   If there is no Head of Unit or Head of Sector available to exercise the duties of the Director as specified under paragraph 5 and no official has been designated by the European Data Protection Supervisor, the official with the highest grade or, in the event of equal grade, the official with the highest seniority in the grade or, in the event of equal seniority, the one who is eldest, shall deputise.

7.   Where any other hierarchical superior is prevented from exercising his/her duties, and no official has been designated by the European Data Protection Supervisor, the Director shall designate an official in agreement with the European Data Protection Supervisor. If no replacement has been designated by the Director, the official in the Unit or Sector concerned with the highest grade, or in the event of equal grade, the official with the highest seniority in the grade or, in the event of equal seniority, the one who is eldest, shall deputise.

8.   Paragraphs 1 to 7 shall be without prejudice to the rules concerning delegation in respect of the powers conferred on the Appointing Authority or of the powers concerning financial matters as provided for in Articles 9 and 12.

Article 12

Authorising Officer and Accounting Officer

1.   The European Data Protection Supervisor shall delegate the powers of Authorising Officer to the Director in accordance with the charter of tasks and responsibilities concerning budget and administration of the EDPS provided in accordance with Article 72(2) of Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council (8).

2.   As regards budget matters relating to the EDPB, the Authorising Officer shall exercise his or her function in accordance with the Memorandum of Understanding between the EDPS and the EDPB.

3.   The function of Accounting Officer of the EDPS, in accordance with the Decision of the European Data Protection Supervisor of 1 March 2017 (9), shall be performed by the Accounting Officer of the Commission.

TITLE II

MONITORING AND ENSURING THE APPLICATION OF THE REGULATION

Article 13

Monitoring and ensuring the application of the Regulation

The EDPS shall guarantee effective protection of rights and freedoms of individuals through monitoring and enforcement of the Regulation and of any other Union legal act providing for tasks and powers for the European Data Protection Supervisor. To that end, in the exercise of the investigative, corrective, authorisation and advisory powers, the EDPS may conduct compliance visits, surveys, bi-monthly visits, informal consultations or facilitate amicable settlements of complaints.

Article 14

Transparency of replies to consultations by institutions on their processing of personal data and to requests for authorisations

The EDPS may publish the replies to consultation by institutions on their processing of personal data in full or in part, taking applicable confidentiality and information security requirements into account. Authorisation decisions shall be published, taking applicable confidentiality and information security requirements into account.

Article 15

Data Protection Officers notified by the institutions

1.   A register of the appointments of Data Protection Officers notified to the EDPS by the institutions in accordance with the Regulation shall be kept by the EDPS.

2.   The updated list of the Data Protection Officers of the institutions shall be published on the website of the EDPS.

3.   The EDPS shall provide guidance to Data Protection Officers, in particular by participating in the meetings organised by the network of the Data Protection Officers of the institutions.

Article 16

Handling of complaints

1.   The EDPS shall not handle anonymous complaints.

2.   The EDPS shall handle complaints submitted in writing, including in electronic form, in any official language of the Union and which provide details necessary for the complaint to be understood.

3.   Where a complaint relating to the same facts has been lodged by the complainant with the European Ombudsman, the EDPS shall examine the admissibility of the complaint in accordance with the Memorandum of Understanding between the EDPS and the European Ombudsman.

4.   The EDPS shall decide how to handle a complaint taking into account:

(a)

the nature and gravity of the alleged violations of data protection rules;

(b)

the importance of the damage that one or more data subjects have or may have suffered as result of the violation;

(c)

the potential overall importance of the case, also in relation to other public and private interests involved;

(d)

the likelihood of establishing that the violation has occurred;

(e)

the exact date on which the underlying events occurred, the conduct in question stopped generating effects, the effects were removed or an appropriate guarantee of such a removal was provided.

5.   Where appropriate, the EDPS shall facilitate an amicable settlement of the complaint.

6.   The EDPS shall suspend the investigation of a complaint pending a ruling by a court or a decision of another judicial or administrative body on the same matter.

7.   The EDPS shall only disclose the identity of the complainant to the extent necessary for the proper conduct of the investigation. The EDPS shall not disclose any document related to the complaint, except for anonymised excerpts or summaries of the final decision, unless the person concerned consents to such disclosure.

8.   If required by the circumstances of the complaint, the EDPS shall cooperate with the competent oversight authorities, including competent national supervisory authorities acting within the scope of their respective competences.

Article 17

Outcome of complaints

1.   The EDPS shall inform the complainant as soon as possible of the outcome of a complaint and of the action taken.

2.   Where a complaint is found to be inadmissible or the investigation is discontinued, the EDPS shall, where appropriate, advise the complainant to refer to another competent authority.

3.   The EDPS may decide to discontinue an investigation at the request of the complainant. This shall not prevent the EDPS from further investigating the subject matter of the complaint.

4.   The EDPS may close an investigation where the complainant has failed to provide the information requested. The EDPS shall inform the complainant about this decision.

Article 18

Review of complaints and judicial remedies

1.   Where the EDPS issues a decision on a complaint, the complainant or institution concerned may request that the EDPS review its decision. Such a request shall be made within one month of the decision. The EDPS shall review its decision where the complainant or institution advances new factual evidence or legal arguments.

2.   Upon issuing its decision on a complaint, the EDPS shall inform the complainant and the institution concerned that they have the right both to request a review of its decision and to challenge the decision before the Court of Justice of the European Union in accordance with Article 263 of the Treaty on the Functioning of the European Union.

3.   Where following a request that it review its decision on a complaint, the EDPS issues a new, revised decision, the EDPS shall inform the complainant and the institution concerned that they may challenge this new decision before the Court of Justice of the European Union in accordance with Article 263 of the Treaty on the Functioning of the European Union.

Article 19

Notification of a personal data breach to the EDPS by institutions

1.   The EDPS shall provide a secure platform for the notification of a personal data breach by an institution and implement security measures for the exchange of information regarding a personal data breach.

2.   Upon notification the EDPS shall acknowledge receipt to the institution concerned.

TITLE III

LEGISLATIVE CONSULTATION, TECHNOLOGY MONITORING, RESEARCH PROJECTS, COURT PROCEEDINGS

Article 20

Legislative consultation

1.   In response to requests from the Commission pursuant to Article 42(1) of the Regulation, the EDPS shall issue opinions or formal comments.

2.   The opinions shall be published on the website of the EDPS in English, French and German. Summaries of opinions shall be published in the Official Journal of the European Union (C Series). Formal comments shall be published on the website of the EDPS.

3.   The EDPS may decline to respond to a consultation where the conditions set out in Article 42 of the Regulation are not met, including where there is no impact on the protection of individuals’ rights and freedoms with regard to data protection.

4.   Where despite best efforts a joint opinion of the EDPS and the EDPB pursuant to Article 42(2) of the Regulation cannot be issued within the set deadline, the EDPS may issue an opinion on the same matter.

5.   Where the Commission shortens a deadline applicable to a legislative consultation pursuant to Article 42(3) of the Regulation, the EDPS shall strive to respect the deadline set in so far as is reasonable and practicable, taking into account in particular the complexity of the subject matter, the length of the documentation and the completeness of the information provided by the Commission.

Article 21

Technology monitoring

The EDPS, in monitoring the development of information and communication technologies insofar as they have an impact on the protection of personal data, shall promote awareness and advise in particular on the principles of data protection by design and data protection by default.

Article 22

Research projects

The EDPS may decide to contribute to the Union’s Framework Programmes and to serve on the advisory committees of research projects.

Article 23

Action against institutions for breach of the Regulation

The EDPS may refer the matter to the Court of Justice of the European Union, in case of non-compliance by an institution with the Regulation, in particular where the EDPS has not been consulted in cases provided for by Article 42(1) of the Regulation and in case of failure to effectively respond to enforcement action taken by the EDPS under Article 58 of the Regulation.

Article 24

EDPS intervention in actions brought before the Court of Justice of the European Union

1.   The EDPS may intervene in actions brought before the Court of Justice of the European Union in accordance with Article 58(4) of the Regulation, Article 43(3)(i) of Regulation (EU) 2016/794, Article 85(3)(g) of Regulation (EU) 2017/1939, and Article 40(3)(g) of Regulation (EU) 2018/1727.

2.   When deciding whether to request leave to intervene or whether to accept an invitation from the Court of Justice of the European Union to do so, the EDPS shall take into account in particular:

(a)

whether the EDPS has been directly involved in the facts of the case in performing its supervisory tasks;

(b)

whether the case raises data protection issues that are either substantial in themselves or decisive to its outcome; and

(c)

whether intervention by the EDPS is likely to affect the outcome of the proceedings.

TITLE IV

COOPERATION WITH NATIONAL SUPERVISORY AUTHORITIES AND INTERNATIONAL COOPERATION

Article 25

EDPS as a member of the European Data Protection Board

The EDPS as a member of the EDPB shall aim to promote the Union perspective, and in particular the shared values referred to in Article 2 of the Treaty of the European Union.

Article 26

Cooperation with national supervisory authorities under Article 61 of the Regulation

1.   The EDPS shall cooperate with national supervisory authorities and with the joint supervisory authority established under Article 25 of Council Decision 2009/917/JHA (10) with a view to, in particular:

(a)

exchanging all relevant information, including best practices, as well as information in relation to requests to exercise monitoring, investigative and enforcement powers by competent national supervisory authorities;

(b)

developing and maintaining contact with relevant members and staff of the national supervisory authorities.

2.   Where relevant, the EDPS shall engage in mutual assistance and take part in joint operations with national supervisory authorities, each acting within the scope of their respective competences as set out in the Regulation, the GDPR and other relevant acts of Union law.

3.   The EDPS may take part upon invitation in an investigation by a supervisory authority or invite a supervisory authority to take part in an investigation in accordance with the legal and procedural rules applicable to the inviting party.

Article 27

International cooperation

1.   The EDPS shall promote best practices, convergence and synergies on the protection of personal data between the European Union and third countries and international organisations, including through participation in relevant regional and international networks and events.

2.   Where appropriate, the EDPS shall engage in mutual assistance in the investigative and enforcement actions of supervisory authorities of third countries or international organisations.

TITLE V

GENERAL PROVISIONS

Article 28

Consultation with the Staff Committee

1.   The Staff Committee, representing the staff of the EDPS, including the EDPB secretariat, shall be consulted in good time on draft decisions relating to the implementation of the Staff Regulations of officials of the European Union and the Conditions of Employment of other servants of the European Union laid down by Regulation (EEC, Euratom, ECSC) No 259/68 and may be consulted on any other question of general interest concerning the staff. The Staff Committee shall be informed of any question related to the execution of its tasks. It shall issue its opinions within 10 working days of being consulted.

2.   The Staff Committee shall contribute to the good functioning of the EDPS, including the EDPB secretariat by making proposals on organisational matters and working conditions.

3.   The Staff Committee shall be composed of three members and three deputies, and elected for a period of two years by all staff of the EDPS, including the EDPB secretariat.

Article 29

Data Protection Officer

1.   The EDPS shall appoint a Data Protection Officer (DPO).

2.   The DPO shall be consulted, in particular, when the EDPS as controller intends to apply a restriction based on the internal rules implementing Article 25 of the Regulation.

3.   In accordance with point IV(2)(viii) of the Memorandum of Understanding between the EDPS and the EDPB, the EDPB has a separate DPO. In accordance with point IV(4) of the Memorandum of Understanding between the EDPS and the EDPB, the DPO of the EDPS and of the EDPB shall meet regularly in order to ensure that their decisions remain consistent.

Article 30

Public access to documents and Transparency Officer of the EDPS

The EDPS shall designate a Transparency Officer to ensure compliance with Regulation (EC) No 1049/2001 of the European Parliament and of the Council (11), without prejudice to the handling of public access to documents requests by the EDPB secretariat in accordance with point IV(2)(iii) of the Memorandum of Understanding between the EDPS and the EDPB.

Article 31

Languages

1.   The EDPS is committed to the principle of multilingualism, as cultural and linguistic diversity is one of the cornerstones and assets of the European Union. The EDPS strives to find a balance between the principle of multilingualism and the obligation to ensure sound financial management and savings for the budget of the European Union, hence making a pragmatic use of its limited resources.

2.   The EDPS shall respond to any person addressing it on a matter falling within its competence in one of the official languages of the European Union in the same language used to address it. All complaints, requests for information and any other requests may be sent to the EDPS in any of the official languages of the European Union, and shall be answered in the same language.

3.   The website of the EDPS shall be available in English, French and German. Strategic documents of the EDPS, such as the strategy for the mandate of the European Data Protection Supervisor, shall be published in English, French and German.

Article 32

Support services

The EDPS may enter into cooperation agreements or service level agreements with other institutions, and may participate in inter-institutional calls for tenders resulting in framework contracts with third parties for the provision of support services to the EDPS and the EDPB. The EDPS may also sign contract with external service providers in accordance with the procurement rules applicable to the institutions.

Article 33

Authentication of decisions

1.   The decisions of the EDPS shall be authenticated by the apposition of the signature by the European Data Protection Supervisor or the Director as provided for in this Decision. Such signature may be handwritten or in electronic form.

2.   In case of delegation or deputising in accordance with Article 11, the decisions shall be authenticated by the apposition of the signature of the person to whom the power has been delegated or of the person deputising. Such signature may be handwritten or in electronic form.

Article 34

Remote working at EDPS and electronic documents

1.   By decision of the European Data Protection Supervisor, the EDPS may implement a system of remote working by all or part of its staff. This decision shall be communicated to the staff and published on the EDPS and EDPB websites.

2.   By decision of the European Data Protection Supervisor, the EDPS may determine the conditions of validity of electronic documents, electronic procedures and electronic means of transmission of documents for the EDPS’ purposes. This decision shall be communicated to the staff and published on the EDPS website.

3.   The Chair of the EDPB shall be consulted where those decisions concern the EDPB Secretariat.

Article 35

Rules for the calculation of periods, dates and time limits

The EDPS shall apply the rules for calculation of periods, dates and time limits established under Regulation (EEC, Euratom) No 1182/71 of the Council (12).

TITLE VI

FINAL PROVISIONS

Article 36

Supplementary measures

The European Data Protection Supervisor may further specify the provisions of this Decision by adopting implementing rules and supplementary measures relating to the functioning of the EDPS.

Article 37

Repeal of Decision 2013/504/EU of the European Data Protection Supervisor

Decision 2013/504/EU of the European Data Protection Supervisor (13) is repealed and replaced by this Decision.

Article 38

Entry into force

This Decision shall enter into force on the day following its publication in the Official Journal of the European Union.

Done at Brussels, 15 May 2020.

For the EDPS

Wojciech Rafał WIEWIÓROWSKI

European Data Protection Supervisor


(1)  OJ L 295, 21.11.2018, p. 39.

(2)  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).

(3)  Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, p. 89).

(4)  Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA (OJ L 135, 24.5.2016, p. 53).

(5)  Regulation (EU) 2018/1727 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for Criminal Justice Cooperation (Eurojust), and replacing and repealing Council Decision 2002/187/JHA (OJ L 295, 21.11.2018, p. 138).

(6)  Council Regulation (EU) 2017/1939 of 12 October 2017 implementing enhanced cooperation on the establishment of the European Public Prosecutor’s Office (‘the EPPO’) (OJ L 283, 31.10.2017, p. 1).

(7)  Regulation (EEC, Euratom, ECSC) No 259/68 of the Council of 29 February 1968 laying down the Staff Regulations of Officials and the Conditions of Employment of Other Servants of the European Communities and instituting special measures temporarily applicable to officials of the Commission (Conditions of Employment of Other Servants) (OJ L 56, 4.3.1968, p. 1).

(8)  Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union, amending Regulations (EU) No 1296/2013, (EU) No 1301/2013, (EU) No 1303/2013, (EU) No 1304/2013, (EU) No 1309/2013, (EU) No 1316/2013, (EU) No 223/2014, (EU) No 283/2014, and Decision No 541/2014/EU and repealing Regulation (EU, Euratom) No 966/2012 (OJ L 193, 30.7.2018, p. 1).

(9)  Decision of the European Data Protection Supervisor (EDPS) of 1 March 2017 on the appointment of the European Commission Accounting Officer as the Accounting Officer of the EDPS.

(10)  Council Decision 2009/917/JHA of 30 November 2009 on the use of information technology for customs purposes (OJ L 323, 10.12.2009, p. 20).

(11)  Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ L 145, 31.5.2001, p. 43).

(12)  Regulation (EEC, Euratom) No 1182/71 of the Council of 3 June 1971 determining the rules applicable to periods, dates and time limits OJ L 124, 8.6.1971, p. 1).

(13)  Decision 2013/504/EU of the European Data Protection Supervisor of 17 December 2012 on the adoption of Rules of Procedure (OJ L 273, 15.10.2013, p. 41).


Top