Basic data protection rules within the institutions
"Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data"
The purpose of the Regulation is to protect the freedoms and fundamental rights of individuals with regard to processing of personal data carried out by EU institutions and bodies.
It determines the principles to be respected by EU institutions (lawfulness, fairness, purpose, proportionality and security), the obligations of the persons processing personal data (data controllers) and the rights of individuals whose personal data are processed (data subjects), in particular those working for the institutions. The Regulation provides for the appointment of a Data Protection Officer (DPO) in each institution and also for the appointment of the European Data Protection Supervisor (EDPS) at European level.
Rules specific to the Council: implementing rules
"Council Decision 2004/644/EC adopting implementing rules concerning Regulation (EC) No 45/2001 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data"
These implementing rules, applicable to the Council of the European Union, further develop the provisions on the status of the DPO and on the obligations of data controllers. The Decision also establishes the procedures to be followed for the exercise of rights by data subjects. In addition, it sets out the rules applicable to the investigation procedure of the DPO. To obtain the form necessary for requesting the DPO to investigate a given matter, please contact the DPO office indicating your language preference.