This document is an excerpt from the EUR-Lex website
Document 32021D2121
Commission Decision (EU) 2021/2121 of 6 July 2020 on records management and archives
Commission Decision (EU) 2021/2121 of 6 July 2020 on records management and archives
Commission Decision (EU) 2021/2121 of 6 July 2020 on records management and archives
C/2020/4482
OJ L 430, 2.12.2021, p. 30–41
(BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
In force
2.12.2021 |
EN |
Official Journal of the European Union |
L 430/30 |
COMMISSION DECISION (EU) 2021/2121
of 6 July 2020
on records management and archives
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Council Regulation (EEC, Euratom) No 354/83 of 1 February 1983 concerning the opening to the public of the historical archives of the European Economic Community and the European Atomic Energy Community (1), and in particular Article 9(1) thereof,
Whereas:
(1) |
The records held by the Commission form the basis of its operation and daily work. They are part of the Commission’s assets and fulfil the functions of facilitating the exchange of information, providing evidence of action taken, meeting the institution’s legal obligations and preserving its memory. They must therefore be managed in accordance with effective rules applicable to all directorates-general and equivalent departments. |
(2) |
The Commission keeps records that are created, received and managed in the course of its activities. All records, regardless of format and the technological environment in which they are collected, created or generated, are captured and maintained in an official electronic repository of records. |
(3) |
Provisions on records management and archives set out principles to ensure: the creation, receipt and proper preservation or elimination of records and their consultation and communication; the authenticity, reliability, integrity and readability over time of records and the metadata accompanying them; the identification of each record together with the extraction and allocation of metadata, so that it can be filed, searched and is easily traceable; the development, maintenance and updating of the structure of the Commission’s records and archives management systems, its electronic repositories and its repositories for analogue media. |
(4) |
These principles are intended to cover the lifecycle of the Commission’s records, whatever their medium, making available, exchanging, sharing, reusing and disseminating data, information and records, in line with the policy, governance arrangements and practice of the Commission’s data and information management. |
(5) |
Effective and proper records management and archiving help meet the Commission’s transparency obligations, in particular by facilitating public access to documents and implementing the principle of accountability of public actions. |
(6) |
Provisions on records management and archives should be aligned with the obligation to provide access to documents held by the Commission in accordance with the principles, arrangements and limits set out in Regulation (EC) No 1049/2001 of the European Parliament and of the Council (2). |
(7) |
By Commission Decision 2002/47/EC, ECSC, Euratom (3), the Commission amended its Rules of Procedure to include provisions on document management and by Commission Decision 2004/563/EC, Euratom (4) it amended the Rules of Procedure to include provisions on electronic and digitised documents to set up electronic document management and archiving, laying down a common set of rules and procedures applicable to all departments. |
(8) |
It is necessary to update the rules determining the conditions under which electronic, digitised and electronically transmitted documents are valid and stored for the Commission’s purposes. |
(9) |
The records management and archiving policy should take account of the Commission’s digital transformation programme (5). Therefore, the principle of the creation of records only in electronic format should be strongly emphasised, although exceptions to this principle should nevertheless be possible. |
(10) |
The Union institutions, bodies, offices and agencies are encouraged to recognise electronic identification and trust services covered by Regulation (EU) No 910/2014 of the European Parliament and of the Council (6) for the purpose of administrative cooperation capitalising, in particular, on existing good practice and the results of ongoing projects in the areas covered by this Regulation. |
(11) |
The Commission’s rules and procedures on records management and archives should be regularly updated, taking account of developments in and the results of academic and scientific research, including the emergence of relevant standards and developments in information and communication technologies. |
(12) |
A records management system does not only register records, but more broadly captures them to clearly and reliably identify them, ensure their traceability and make them available to other users through filing or other means of aggregation of records throughout their life cycle. |
(13) |
Information systems, networks and transmission facilities that feed the Commission’s records system should be protected by appropriate security measures in accordance with the applicable security rules for protecting information. |
(14) |
Data and information should be available and shared as widely as possible within the Commission in order to facilitate the collaborative working of its staff and the retrievability and reuse of data and information and to promote the synergy of its resources and improve efficiency. |
(15) |
Each institution of the Union creates and maintains its historical archives and opens them to the public in accordance with Regulation (EEC, Euratom) No 354/83. Each institution furthermore adopts internal rules regarding the application of that Regulation. |
(16) |
Under Regulation (EU) 2018/1725 of the European Parliament and of the Council (7), the Commission is required to provide information to data subjects on the processing of personal data concerning them and to respect their rights as data subjects. However, the Commission should balance these rights with the objectives of archiving in the public interest in accordance with data protection law. |
(17) |
Articles 16(5) and 19(3) of Regulation (EU) 2018/1725 provide for exceptions to data subjects’ right to information and right to erasure in respect of processing data for archiving purposes in the public interest. Those rights should not apply in principle in the particular context of the Commission’s historical archives, taking into account the size of the institution and its records and the nature of archiving in the public interest. The erasure of personal data contained in such records, in particular, would undermine the validity, integrity and authenticity of the Commission’s archives and is therefore likely to seriously impair the achievement of the objectives of archiving in the public interest. |
(18) |
The Commission may be unable or would be required to make a disproportionate effort to provide information on processing once its files and records selected for permanent preservation have been transferred to its historical archives. Data subjects should be informed that records containing their personal data may be transferred to the Commission’s historical archives at the end of the retention period identified for those records as part of the information referred to in Articles 15 and 16 of Regulation (EU) 2018/1725. That information is provided in relation to the original processing operations for which the personal data were initially collected. |
(19) |
Article 25(4) of Regulation (EU) 2018/1725 gives the Commission the possibility of providing for derogations from the rights referred to in Articles 17, 18, 20, 21, 22 and 23 of that Regulation, insofar as those rights are likely to render impossible or seriously impair the achievement of archiving purposes in the public interest and derogations are necessary for the fulfilment of those purposes. Unless derogations are provided for in a legal act adopted on the basis of the Treaties, internal rules must be adopted under which the Commission is entitled to derogate from those rights. |
(20) |
Granting access to personal data in case of a data subject request which does not provide specific information regarding the processing to which the request relates may involve a disproportionate administrative effort or be practically impossible, given the size and nature of the Commission’s historical archives. |
(21) |
The rectification of personal data would undermine the integrity and authenticity of the Commission’s archives and defeat the purpose of archiving in the public interest. This is without prejudice to the possibility that the Commission, in duly justified cases of inaccurate personal data, may decide to include a supplementary statement or annotation to the relevant record. |
(22) |
Personal data form an integral and indispensable part of records selected for permanent preservation. Therefore, granting the right to object to the processing of personal data contained in such records would render impossible the achievement of the purposes of archiving in the public interest. |
(23) |
The Commission should provide for derogations subject to the conditions and safeguards referred to in Article 13 of Regulation (EU) 2018/1725. |
(24) |
In applying the principle of accountability, the Commission should keep a record of its application of derogations. |
(25) |
To guarantee the utmost protection of the rights and freedoms of data subjects and in accordance with Article 44(1) of Regulation (EU) 2018/1725, the Data Protection Officer of the Commission should be informed as soon as possible of the application of derogations under this Decision. |
(26) |
The European Data Protection Supervisor was consulted on these rules and delivered an opinion with its recommendations on 3 March 2020. |
(27) |
All members of staff should be accountable for the creation and correct management of records relating to policies, process and procedures for which they are responsible, |
HAS DECIDED AS FOLLOWS:
CHAPTER I
GENERAL PROVISIONS
Article 1
Subject matter
This Decision lays down rules concerning:
(a) |
the management of Commission records and archives; |
(b) |
the preservation and opening to the public of the Commission’s archives and the deposit of the Commission’s historical archives at the Historical Archives of the European Union at the European University Institute (EUI) in Florence. |
Article 2
Scope
This Decision applies to records held by the Commission and to its archives, irrespective of their form, medium, age and location.
It may apply, by specific agreement, to records held by other entities responsible for applying certain Union policies or to records exchanged via data transmission networks between administrations and the Commission.
Article 3
Definitions
For the purposes of this Decision, the following definitions shall apply:
(1) |
‘record’ means information, received and created in the form of a document (8), a collection of data or other form in a digital or analogue medium that is captured in an official repository and managed and maintained as evidence and as an asset (9); |
(2) |
‘metadata’ means any information describing the context, content and structure of records and their management over time for the purposes of, inter alia, retrieval, accessibility and reuse; |
(3) |
‘digitisation’ means the process of transforming a record on paper or any other traditional medium into an electronic rendition; |
(4) |
‘official repository of records’ means a system, recognised and approved by the Secretariat-General, in which records held by the Commission are collected, organised and categorised to facilitate records retrieval, distribution, use, disposal or preservation; |
(5) |
‘capture’ means the insertion of a document into an official electronic repository by combining a unique identifier and metadata (10); |
(6) |
‘unique identifier’ means a sequence of digits or letters, or both, unambiguously assigned to a record by a machine or person and which identifies that record as unique and distinct from all other records; |
(7) |
‘registration’ means capturing a record into a register, establishing that it is complete and properly constituted from an administrative and/or legal standpoint and certifying that it has been sent by an author to an addressee on a given date, as incoming or outgoing mail, or has been incorporated into one of the Commission’s official repositories; |
(8) |
‘file’ means an aggregation of records organised in line with the Commission’s activities, for reasons of proof, justification or information and to guarantee efficiency in the work; the group of records making up the file is organised in such a way as to form a coherent and relevant unit in terms of the activities conducted by the Commission or its departments; |
(9) |
‘filing plan’ means an instrument with a hierarchical and logical structure, in the form of a tree structure with a number of interlinked headings, which enables files (or other aggregations of records) to be intellectually organised and linked to the context in which they were drawn up, on the basis of the functions, activities and working processes; |
(10) |
‘authenticity’ means the fact that a record can be proved to be what it purports to be, to have been created or sent by the person purported to have created or sent it and to have been created or sent when purported (11); |
(11) |
‘reliability’ means the fact that the content of a record can be trusted as a full and accurate representation of the transactions, activities or facts to which they attest and that the record can be depended upon in the course of subsequent transactions or activities (12); |
(12) |
‘integrity’ means the fact that a record is complete and unaltered (13); |
(13) |
‘validity’ means the fact that a document has all the intrinsic and extrinsic characteristics required by its production context, necessary in order to be accepted as an expression of its author with all its legal consequences; |
(14) |
‘admissibility’ means the fact that a document has all the intrinsic and extrinsic characteristics required by its reception context, necessary for it to be accepted as an expression of its author with all its legal consequences; |
(15) |
‘preservation’ means all technical processes and operations which make it possible to keep records over time, to maintain their integrity and authenticity and to guarantee access to their content. |
CHAPTER II
RECORDS MANAGEMENT
Article 4
Creation
1. The author of any newly created information shall analyse it in order to determine the electronic management system by which the information is to be managed, if it is to be captured and in which official repository system it is to be preserved.
2. Records shall be created in accordance with the formal requirements set out for the relevant type of records.
3. The Commission’s records shall be created as electronic records and shall be kept in its official electronic repositories.
However, in the following situations records may be created in a different medium or kept in a different manner:
(a) |
where a provision of Union or national law so requires; |
(b) |
where protocol convenience imposes paper medium; |
(c) |
where practical reasons impede digitisation of the document; |
(d) |
where the preservation of the original analogue document has an added value because of its form or the material from which it is made or for historical reasons. |
Article 5
Digitisation
1. Information in analogue media created or received by the Commission shall be systematically digitised. The resulting electronic renditions, when captured in an official electronic repository, shall replace the corresponding original analogue documents, unless a handwritten signature is required by a provision of Union law or the law of the Member State or third country concerned.
2. Implementing rules adopted pursuant to Article 22 shall set out the procedural and technical details of digitisation, the applicable exceptions and the elimination of analogue records following their digitisation.
Article 6
Capture
1. Each directorate-general or equivalent department shall regularly review the types of information created or received in the course of its activities to identify which ones are to be captured in an official electronic repository and, taking account of the context in which they were produced, to organise the management of these throughout their life cycle.
2. The captured records shall not be altered. They may be removed or replaced by subsequent versions until the file they belong to is closed.
Article 7
Registration
1. Documents shall be registered if they contain important information which is not short-lived or if they may involve action or follow-up by the Commission or one of its departments.
2. Registers shall be set up to generate unique identifiers for the registered records.
Each register shall be connected to one or more electronic repositories. Exceptions may be made for security reasons.
Article 8
Filing plan
The Commission’s filing plan shall use a common file classification across all Commission departments. That classification shall form part of the Commission’s activity-based management.
Article 9
Computerised processes and systems
The directorates-general and equivalent departments shall keep and manage their records by means of computerised processes and computerised systems and structures with interfaces to ensure storage of, access to and recovery of records, unless required otherwise by a Commission provision.
Article 10
Legal effects of electronic signatures, seals, timestamps and registered delivery services
1. A qualified electronic signature (14) shall have the equivalent legal effect of a handwritten signature.
2. A qualified electronic seal (15) shall enjoy the presumption of integrity of the data and of correctness of the origin of that data to which the qualified electronic seal is linked.
3. A qualified electronic time stamp (16) shall enjoy the presumption of the accuracy of the date and the time it indicates and the integrity of the data to which the date and time are bound.
4. Data sent and received using a qualified electronic registered delivery service (17) shall enjoy the presumption of the integrity of the data, the sending of that data by the identified sender, its receipt by the identified addressee and the accuracy of the date and time of sending and receipt indicated by the qualified electronic registered delivery service.
Article 11
Validity of documents and procedures
1. A document created or received by the Commission shall be considered to satisfy the validity or admissibility criteria where the following conditions are met:
(a) |
the person from whom it originates is identified; |
(b) |
the context in which the document was produced is reliable and the document meets the conditions that guarantee its integrity; |
(c) |
the document complies with the formal requirements set out in the applicable Union or national law; |
(d) |
in the case of an electronic document, the document is created in a way that guarantees the integrity, reliability and usability of its content and the accompanying metadata. |
2. An electronic rendition created by digitising an analogue document created or received by the Commission shall be considered to satisfy the validity or admissibility criteria where the following conditions are fulfilled:
(a) |
no signature is required by a provision of Union law or the law of a Member State or third country concerned; |
(b) |
its format offers guarantees of integrity, reliability, durability, readability over time and ease of access to the information it contains. |
Where a signed analogue document is not required, such an electronic rendition may be used for any exchange of information and for any internal procedure within the Commission.
3. Where a provision of Union or national law requires a signed original of a document, a document drawn up or received by the Commission shall satisfy that requirement if the document contains any of the following:
(a) |
one or more handwritten or qualified electronic signatures; |
(b) |
one or more electronic signatures, other than qualified, providing sufficient guarantees about the identification of the signatory and the expression of their will in the signed document. |
4. Where a procedure specific to the Commission requires the signature of an authorised person or the approval of a person at one or more stages of the procedure, the procedure may be managed by computer systems, provided that each person is clearly and unambiguously identified and that the system in question provides guarantees that the content is not altered during the procedure.
5. Where a procedure involves the Commission and other entities and requires the signature of an authorised person or the approval of a person at one or more stages of the procedure, the procedure may be managed by computer systems meeting conditions and providing technical assurances determined by mutual agreement.
Article 12
Provision of data and information within the Commission
1. Data and information shall be made available and shared as widely as possible within the Commission, unless legal obligations require access to be limited.
2. In the interest of information sharing, directorates-general and equivalent departments shall ensure that their files are as widely accessible as the sensitivity of their content allows.
Article 13
Information security and protection
Records shall be managed in accordance with the Commission’s security rules applicable to the protection of information. To this end, records, files, information systems and archives, including their networks and means of transmission, shall be protected by appropriate security measures for the management of classified information, sensitive non-classified information and personal data (18).
Classified information shall be processed in accordance with the rules in force on security.
CHAPTER III
PRESERVATION AND HISTORICAL ARCHIVES
Article 14
Storage and preservation
1. Storage and preservation shall take place under the following conditions:
(a) |
records shall be stored in the form in which they were created, sent or received or in a form which preserves the authenticity, reliability and the integrity of their content and of the accompanying metadata; |
(b) |
the content of records and their relevant metadata must be readable throughout their period of storage by any person authorised to have access to them; |
(c) |
where records are sent or received electronically, the information required to determine the origin or destination of the record and the date and time of the capture or registration, shall be part of the minimum metadata to be stored; |
(d) |
as regards electronic procedures managed by IT systems, information about the formal stages of the procedure shall be stored under such conditions as to ensure that those stages and the authors and participants can be identified. |
2. The Secretary-General shall ensure the implementation of a digital preservation strategy to ensure long-term access to electronic records on the basis of the retention lists referred in Article 15(1). The strategy shall be drawn up in cooperation with the Commission’s Historical Archives Service and shall ensure that processes, tools and resources are in place to ensure the authenticity, reliability and integrity of records and their accessibility.
Article 15
Retention, transfer and elimination
1. The retention period for the various categories of files and, in certain cases, records, shall be set for the whole Commission by way of regulatory instruments, such as the common retention list, or one or more specific retention lists drawn up on the basis of the organisational context, the existing legislation and the Commission’s legal obligations.
2. Directorates-general and equivalent departments shall regularly conduct an appraisal of records and files managed by them to assess whether they shall be transferred to the Commission’s historical archives referred to in Article 16, or eliminated.
However, a set of metadata on records and files shall be retained in the original electronic repository as evidence of such records and files and their transfer or elimination.
3. EU classified information with a classification of CONFIDENTIEL UE/EU CONFIDENTIAL or higher shall not be transferred to the Commission’s Historical Archives Service.
Article 16
Commission’s Historical Archives Service
The tasks of the Commission’s Historical Archives Service shall be to:
(a) |
guarantee the authenticity, reliability and integrity of and access to the Commission’s records, files and archives which have been transferred to it; |
(b) |
ensure the material protection and integrity of the metadata of records and files provided by the transferring departments; |
(c) |
make records and files available on request to the directorates-general or equivalent departments; |
(d) |
undertake, where necessary and in cooperation with the originating directorate-general or equivalent department or its successor, a second review of all transferred records, files and archives; |
(e) |
initiate the declassification of classified documents as referred to in Articles 3 and 5 of Regulation (EEC, Euratom) No 354/83; |
(f) |
open the Commission’s historical archives to the public after the expiry of a period of 30 years, except for those records covered by exceptions relating to the privacy and integrity of individuals, or the commercial interests of a natural or legal person, including intellectual property; |
(g) |
deposit the Commission’s historical archives that have been opened to the public at the Historical Archives of the European Union at the EUI. |
Article 17
Processing of personal data contained in the Commission’s historical archives
1. The following derogations from the rights of data subjects shall apply in accordance with Article 25(4) of Regulation (EU) 2018/1725, as necessary to fulfil archiving purposes in the public interest and to preserve the integrity of the Commission’s historical archives, in particular:
(a) |
the right of access (19), in so far as the request of the data subject does not allow for the identification of specific records without involving disproportionate administrative effort. In assessing the action to be taken on the request of the data subject and the administrative effort required, particular account shall be taken of the information provided by the data subject and the nature, scope and size of the records potentially concerned; |
(b) |
the right to rectification (20), in so far as rectification renders it impossible to preserve the integrity and authenticity of records selected for permanent preservation in the Commission’s historical archives, without prejudice to the possibility of a supplementary statement or annotation to the record concerned, unless this proves impossible or involves disproportionate effort; |
(c) |
the obligation to notify the rectification or erasure of personal data (21) in so far as this proves impossible or involves disproportionate effort; |
(d) |
the right to object to the processing (22), in so far as the personal data are contained in records selected for permanent preservation in the Commission’s historical archives as an integral and indispensable part of these records. |
2. The Commission shall implement appropriate safeguards to ensure compliance with Article 13 of Regulation (EU) 2018/1725. Such safeguards shall include technical and organisational measures, in particular, in order to ensure respect for the principle of data minimisation. The safeguards shall include:
(a) |
the files to be transferred to the Commission’s historical archives shall be selected following a case-by-case assessment according to the Commission’s retention lists. All the other files, including structured personal data files, such as personal and medical files, shall be eliminated at the end of the administrative retention period; |
(b) |
the retention lists shall provide for the administrative elimination of certain types of records before the end of the administrative retention period. Consequently, these types of records shall not be processed for archiving purposes in the public interest; |
(c) |
prior to processing for archiving purposes in the public interest, the directorate-general or equivalent department shall report the potential presence of records covered by Article 2(1) of Regulation (EEC, Euratom) No 354/83 in the files to be transferred to the Commission’s historical archives; |
(d) |
before any Commission file is opened to the public, the Commission’s Historical Archives Service shall review it to verify the possible presence of records covered by the exceptions indicated in Article 2(1) of Regulation (EEC, Euratom) No 354/83, including on the basis of the signposting referred to in point (c) with the aim of protecting personal data. |
3. The Commission shall record the reasons for derogations applied pursuant to this Decision. The record and, where applicable, the documents concerning the factual or legal context shall be registered. They shall be made available to the European Data Protection Supervisor on request.
4. The Data Protection Officer of the Commission shall be informed, as soon as possible of the application of derogations from data subject rights in accordance with this Decision. Upon request, the Data Protection Officer shall be provided with access to the associated records and any documents setting out the factual or legal context.
Article 18
Deposit of the Commission’s historical archives at the EUI
1. The Commission’s Historical Archives Service shall provide the EUI, where possible, with access to digitised copies of records held in an analogue medium.
2. The EUI shall be the main access point to the Commission’s historical archives that are open to the public.
3. The Commission’s Historical Archives Service shall send the EUI descriptions of the archives deposited. In accordance with international standards and to facilitate the exchange of metadata, the Commission will promote interoperability between its archives systems and those of the EUI.
4. The EUI acts as a processor (23) in accordance with Article 3 of Regulation (EU) 2018/1725, under instructions from the Commission, which acts as the controller (24) of personal data contained in its historical archives, deposited at the EUI. The Commission’s Historical Archives Service provides, on behalf of the Commission, the necessary instructions for the processing of personal data contained in the Commission’s deposited archives by the EUI and monitors its performance.
5. Classified information shall not be deposited at the EUI.
CHAPTER IV
GOVERNANCE AND IMPLEMENTATION
Article 19
Governance at Commission level
1. Each director-general or head of department shall put in place the necessary organisational, administrative and physical structure and provide the staff required to implement this Decision and the implementing rules by their departments.
2. The Secretariat-General shall be responsible for ensuring that this Decision and its implementing rules are applied.
3. The Directorate-General for Informatics shall be responsible for providing the technological infrastructure to implement this Decision.
Article 20
Network of document management officers
1. Each director-general or head of department shall designate a document management officer to maintain a modern and efficient records management system in their department and to ensure coordination within their department, with the Secretariat-General and the other departments of the Commission.
2. The role of the network of document management officers, chaired by the Secretariat-General, shall be to:
(a) |
ensure the correct and uniform application of this Decision within the directorates-general and equivalent departments; |
(b) |
deal with any issues which may arise from its application; |
(c) |
share the requirements of directorates-general and equivalent departments as regards training and support measures. |
Article 21
Information, training and support
The Secretariat-General, in close cooperation with the Directorate-General for Informatics, the Directorate-General for Human Resources and Security and the Commission’s Historical Archives Service, shall put in place the information, training and support measures necessary to ensure the application of this Decision within the directorates-general and equivalent departments.
Article 22
Implementing rules
The Secretary-General shall draw up the implementing rules in coordination with the directorates-general and equivalent departments and shall ensure their implementation.
They shall be regularly updated taking account in particular of:
(a) |
developments regarding records and archives management and results of academic and scientific research, including the emergence of relevant standards; |
(b) |
developments in information and communication technologies; |
(c) |
the applicable rules on the probative value of electronic records; |
(d) |
the Commission’s obligations as regards transparency, public access to documents and the opening to the public of archives; |
(e) |
any new obligations by which the Commission may be bound; |
(f) |
harmonisation in the presentation of records drawn up by the Commission and its departments. |
Article 23
Final provision
Decision 2002/47/EC, ECSC, Euratom and Decision 2004/563/EC, Euratom have no longer effect.
Done at Brussels, 6 July 2020.
For the Commission
The President
Ursula VON DER LEYEN
(2) Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ L 145, 31.5.2001, p. 43).
(3) Commission Decision 2002/47/EC, ECSC, Euratom of 23 January 2002 amending its Rules of Procedure (OJ L 21, 24.1.2002, p. 23).
(4) Commission Decision 2004/563/EC, Euratom of 7 July 2004 amending its Rules of Procedure (OJ L 251, 27.7.2004, p. 9).
(5) Communication to the Commission C(2018) 7118 on the European Commission Digital Strategy. See also Commission Communication C(2016) 6626, which sets out the general direction of the internal policy for data, information and knowledge management at the Commission.
(6) Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73).
(7) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).
(8) ‘document’ is understood within the meaning of Article 3(a) of Regulation (EC) No 1049/2001.
(9) ISO 15489-1:2016, point 3.14.
(10) ISO 15489-1:2016, point 9.3.
(11) ISO 15489-1:2016, point 5.2.2.1.
(12) ISO 15489-1:2016, point 5.2.2.2.
(13) ISO 15489-1:2016, point 5.2.2.3.
(14) ‘electronic signature’ is understood within the meaning of Article 3(10) to (12) of Regulation (EU) No 910/2014.
(15) ‘electronic seal’ is understood within the meaning of Article 3(25) to (27) of Regulation (EU) No 910/2014.
(16) ‘electronic stamp’ is understood within the meaning of Article 3(33) and (34) of Regulation (EU) No 910/2014.
(17) ‘electronic registered delivery service’ is understood within the meaning of Article 3(36) and (37) of Regulation (EU) No 910/2014.
(18) ‘personal data’ is understood within the meaning of Article 3(1) of Regulation (EU) 2018/1725.
(19) Article 17 of Regulation (EU) 2018/1725.
(20) Article 18 of Regulation (EU) 2018/1725.
(21) Article 21 of Regulation (EU) 2018/1725.
(22) Article 23 of Regulation (EU) 2018/1725.
(23) ‘processor’ is understood within the meaning of Article 3(12) of Regulation (EU) 2018/1725.
(24) ‘controller’ is understood within the meaning of Article 3(8) of Regulation (EU) 2018/1725.