Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data
This Regulation contains provisions aiming to protect personal data processed by European Union (EU) institutions and bodies.
These provisions aim to ensure a high level of protection for personal data managed by Community institutions and bodies. In particular, such data have to be:
- processed fairly and lawfully;
- collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;
- adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed;
- accurate and, where necessary, kept up to date (all reasonable steps should be taken to ensure that data which are inaccurate or incomplete in relation to the purposes for which they are collected or for which they are further processed, are erased or rectified);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are collected or for which they are further processed.
This Regulation also provides for the establishment of a “European Data Protection Authority”, an independent Community authority responsible for monitoring the correct application of the data protection rules by the EU institutions and bodies. This authority will be comparable to the data protection authorities established by Member States in accordance with Directive 95/46/EC on data protection. Citizens will thus be able to lodge complaints directly with that authority if they consider their data protection rights under the Regulation have not been respected.
Each Community institution and body shall appoint at least one person as Data Protection Officer with the task of cooperating with the Data Protection Supervisor and ensuring that the rights and freedoms of the data subjects are unlikely to be adversely affected by the data processing.
Citizens enjoy legally enforceable rights under the Regulation, such as the right to access, rectify, block or delete personal data relating to them in files held by the Community institutions and bodies.
- Directive 95/46/EC
- Commission Decision 2008/597/EC of 3 June 2008 adopting implementing rules concerning the Data Protection Officer pursuant to Article 24(8) of Regulation (EC) No 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data [Official Journal L 193 of 22.7.2008]