Today, the European Data Protection Supervisor (EDPS) published the results of his latest general survey of compliance with the Data Protection Regulation. EU institutions and bodies process personal data both in their daily work and in their core business activities. In both cases they have to comply with data protection principles and obligations and respect the rights of the individuals involved. In his latest stock-taking exercise, the EDPS has analysed the performance of all 58 EU institutions and bodies in certain key areas.
The report emphasises the progress made by institutions and bodies in implementing the Regulation, but also underlines shortcomings. Institutions and bodies have been divided in four groups to allow meaningful comparison between peers. Benchmarks have been established on the basis of the results achieved in each group, indicating the threshold that an institution or body should reasonably meet. Within these peer groups, institutions and bodies are scoring differently on data protection compliance and some of them clearly fail to meet reasonable expectations.
Peter Hustinx, EDPS, states: “I am concerned that not all EU institutions and bodies are performing as well as they should. Implementation of data protection principles is not only a matter of time and resources, but also of organisational will. Ensuring compliance is a process that requires the commitment and support of the hierarchy in all institutions and bodies.” Here to read more.
