Regulation (EC) No 45/2001 lays down the rules for data protection in the EU institutions and bodies. In addition to outlining the legal principles regarding the processing of personal data by the European institutions and bodies, it sets out the rights of data subjects, the obligations of data controllers and the role of the Data Protection Officer (DPO).
A data subject has the right to access his/her personal data, free of charge and without constraint. He/she can request the rectification or blocking of inaccurate or incomplete personal data or the erasure of personal data unlawfully processed. A data subject also has the right to object, on compelling grounds, to the processing of his/her personal data.
Controllers (organisational entities that determine the purpose and means of processing personal data) must ensure that personal data are processed only for clearly defined and legitimate purposes and processed fairly and lawfully and in a secure manner. They are also responsible for ensuring that data are accurate, adequate, relevant, not excessive and not kept longer than necessary. Controllers also have to inform data subjects how their data are processed and to ensure that data are transferred to third parties only after adequate safeguards have been put in place.
In addition, Regulation (EC) No 45/2001 stipulates that each institution or body must appoint at least one person as data protection officer (DPO). The DPO is responsible for independently monitoring the internal application of the provisions of the regulation within the institution concerned. The DPO may make recommendations for the improvement of data protection within the organisation. The DPO may investigate matters and occurrences directly related to his or her duties. The DPO notifies the EDPS of the processing operations likely to present specific risks, and maintains a register of data processing operations. The DPO may be consulted by any individual without going through the official channels on any matter concerning the interpretation or application of the regulation.
If you have any questions about the processing of your personal data, you may contact the relevant data controller as indicated in the privacy statement. You may also contact, at any time, the EESC DPO (data [dot] protectioneesc [dot] europa [dot] eu) and/or the European Data Protection Supervisor (edpsedps [dot] europa [dot] eu).EESC Data Protection Officer
European Economic and Social Committee
Rue Belliard, 99-101, JDE 4030
Tel: +32 2 546 9836
e-mail: EESC data protection