IT Lexicon

European Data Protection Supervisor

The European Data Protection Supervisor is an independent European body that primarily monitors the correct application of the GDPR and Regulation 2018/1725 by the institutions and other bodies of the European Union.

More specifically, its missions are to:

  • Control and ensure the protection of personal data when they are processed by the institutions and bodies of the European Union;
  • Advise the institutions and bodies of the European Union in matters concerning the processing of personal data;
  • Monitor new technologies that may affect the protection of personal data;
  • Intervene before the Court of Justice of the European Union (CJEU) to provide a technical interpretation of personal data protection legislation;
  • Cooperate with national supervisory authorities to promote consistency in the protection of personal data.

It must also issue recommendations and guidelines, and propose orientations to respond to new challenges related to personal data.

In order to carry out its missions, the Supervisor has the power to:

  • Order the institutions and bodies of the European Union to communicate to it or give it access to any information it needs to carry out its tasks;
  • Conduct investigations in the form of data protection audits;
  • Notify EU institutions and bodies of an alleged breach of the GDPR;
  • Warn, call to order, order to bring processing operations into conformity or to comply with requests made by data subjects, but also to limit or prohibit 50,000 per violation and 500,000 euros per year in total.

When the EDPS exercises one of his powers, the institution or body concerned will inform the EDPS of its views within a reasonable time limit set by the EDPS.

The European Data Protection Supervisor also participates in the European Data Protection Committee, including providing its secretariat.

In addition, the Supervisor must cooperate with the national supervisory authorities and the data protection officers of the EU institutions and bodies.

Furthermore, and without prejudice to other remedies, any data subject has the right to lodge a complaint with the European Data Protection Supervisor if he/she considers that the processing of his/her personal data by an institution or body of the European Union constitutes a violation of the GDPR.

GDPR Point

“The Committee (i.e. the European Data Protection Committee) should be assisted by a secretariat provided by the European Data Protection Supervisor. The staff of the European Data Protection Supervisor carrying out the tasks entrusted to the Committee by this Regulation should take instructions only from the Chairman of the Committee and should be placed under his authority.”

Recital 140 of the GDPR

Point of jurisprudence

The European Data Protection Supervisor found that the Court of Justice of the European Union had violated Regulation 2018/1725 because it “did not provide users of its website with a way to withdraw their consent to the use of cookies as easily as if they were giving it – such as an ‘opt-out’ button displayed in the same place and manner as the ‘accept’ button. Instead, to decline cookies, users had to click on the ‘more information’ button and scroll almost to the bottom of the page to withdraw their consent.”

European Data Protection Committee, May 3, 2021, No. 2019-0878

The Bouchara firm assists you in particular with:

  • Making your organization GDPR compliant;
  • The drafting of data protection policies (privacy policy, computer charter …);
  • Documentation of your processing (register of processing activities, register of violations, privacy impact analysis, prior consultation…);
  • Obtaining certifications and adhering to codes of conduct;
  • The study of the legal feasibility of the implementation of a new personal data processing;
  • The drafting and transmission of your codes of conduct to the CNIL for approval;
  • Legal analysis of the compliance of your data processing, including data transfers outside the European Economic Area;
  • Drafting and negotiating your data processing agreements (DPA);
  • Drafting your Binding Corporate Rules (BCR) and Codes of Conduct;
  • Training and awareness of your employees.

We are also the external Data Protection Officer of many data processors and subcontractors.