ºÏ·¨²©²ÊÍøÕ¾

Data Protection
Parlament Ewropew

Legal Framework

The right to data protection is one of the fundamental rights enshrined in (Charter). In accordance with Article 8 of the Charter, everyone has the right to the protection of personal data concerning him or her. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. Compliance with these rules shall be subject to control by an independent authority.

In the EU Member States the processing of personal data is governed by . On the other hand, the legal framework for processing personal data by EU institutions and bodies is established in . The GDPR and Regulation (EU) 2018/1725 are very close in terms of the rules that they set for the use of personal data. However, it is important not to confuse them and remember that the GDPR is not applicable to the EU institutions and bodies (as they have their own regulation as explained above).

In the European ºÏ·¨²©²ÊÍøÕ¾, the Bureau, which is one of the governing bodies of the ºÏ·¨²©²ÊÍøÕ¾, adopted (Implementing Rules) in order to operationalize some of the provisions of Regulation (EU) 2018/1725. In particular, the Implementing Rules establish a procedure for the ºÏ·¨²©²ÊÍøÕ¾ on how to handle data subjects requests as well as establish the conditions for the application of restrictions on data subjects rights. They can be thus seen as procedural guarantees that ensure legal certainty for data subjects concerning the exercise of their rights under Regulation (EU) 2018/1725.

The application of Regulation (EU) 2018/1725 by the ºÏ·¨²©²ÊÍøÕ¾ (or by any other EU body) is supervised by the European Data Protection Supervisor (EDPS). The EDPS adopts guidelines that help the EU institutions and bodies to interpret and apply the rules on data protection. .

As mentioned above, Regulation (EU) 2018/1725 and the GDPR are very close to one another in their substance. For this reason, the guidelines of the European Data Protection Board (EDPB), a body established under the GDPR, are also relevant for the EU institutions and bodies. .

Last but not least, the Court of Justice of the European Union (Court) ensures that EU laws, including the laws on data protection are interpreted and applied in a harmonized manner across the EU. The jurisprudence of the Court has a great impact on how to implement data protection rules in practice. .

Links