Not all EU institutions and bodies are performing as well as they should regarding data protection
The European Data Protection Supervisor (EDPS) published its results of his latest general survey of compliance with the Data Protection Regulation. According to Peter Hustinx, the EDPS, the results show that EU institutions and bodies have different levels of data protection compliance and he reminds that the implementation of data protection principles is not only a matter of time and resources, but also of organisational will.
The results of the latest general survey of compliance with the Data Protection Regulation show that EU institutions and bodies process personal data both in their daily work and in their core business activities. The EDPS is concerned that not all EU institutions and bodies are performing as well as they should. Implementation of data protection principles is not only a matter of time and resources, but also of organisational will. Moreover, the Commission has recently proposed to reform EU's data protection rules.
The EDPS has analysed the performance of all 58 EU institutions and bodies in certain key areas. Bearing in mind, daily work and in their core business activities, they have to comply with data protection principles and obligations and respect the rights of the individuals involved. The report emphasises the progress made by institutions and bodies in implementing the Regulation. But institutions and bodies are scoring differently on data protection compliance and some of them clearly fail to meet reasonable expectations.
The results of this survey will be taken into account by the EDPS in planning guidance to institutions and bodies, enforcement actions and other measures to promote accountability. In this respect, a number of targeted visits have been also planned on the basis of the outcome of this exercise. Such visits typically lead to an agreed roadmap of follow up activities in order to boost compliance.