The EU institutions and bodies should be fully accountable for their data protection responsibilities

The European Data Protection Supervisor (EDPS) adopted a Policy on Consultations in the field of Supervision & Enforcement which provides guidance to EU institutions and bodies and Data Protection Officers (DPOs) on consulting the EDPS when drawing up measures or internal rules which involve the processing of personal information.

The European Data Protection Supervisor (EDPS) adopted a Policy on Consultations in the field of Supervision & Enforcement which provides guidance to EU institutions and bodies and Data Protection Officers (DPOs) on data protection. According to the EDPS, with this policy, EU institutions and bodies should be fully accountable for their data protection responsibilities. Staff recruitment and evaluation activities, contract tenders, complaints or requests for information, video surveillance and maintenance of databases are a few examples of activities where the processing of personal information can affect staff and citizens. In June 2012, the EDPS highlighted that the EU needs a consistent and effective approach to privacy and data protection.

Under the new policy, when an EU institution or body draws up measures that affect data protection rights, it must ensure that proper attention is paid to respecting its obligations under the Regulation before adopting the measure. One of the most effective means of ensuring this is to involve the DPO right at the outset for his or her advice. The DPO ensures, in an independent manner, the internal application of the Regulation and that the rights and freedoms of individuals are unlikely to be adversely affected by the processing operations.

Personal data means any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, e-mail addresses and telephone numbers. Other details such as health data, data used for evaluation purposes and traffic data on the use of telephone, e-mail or internet are also considered personal data. Moreover, the data controller is the EU institution or body that determines the purposes and means of the processing of personal information on behalf of an institution or body. The data controller is also responsible for the security measures protecting the information.