The protection of personal data is a fundamental right enshrined in the article 8 of the Charter of Fundamental Rights of the European Union. The protection of personal data also applies to the processing of personal data by the EU institutions, bodies, offices and agencies.
The Commission's proposal aims to align the provisions of Regulation (EC) No 45/2001, the main piece of existing EU legislation on personal data protection in the Union institutions, with the principles and rules laid down in the General Data Protection Regulation, adopted in April 2016 and applicable as of 25 May 2018. The goal is to provide a strong and coherent data protection framework and its homogeneous interpretation throughout the Union, as well as to align the data protection rules with those adopted for the Member States.
The proposal provides natural persons with legally enforceable rights and specifies the data processing obligations of the controllers in the Union institutions, bodies, offices and agencies. It also provides for an independent supervisory authority, the European Data Protection Supervisor, to be responsible for monitoring the processing of personal data by the Union institutions, bodies, offices and agencies. Increased use of its supervisory authority powers could lead to better implementation of data protection rules.