Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the EU institutions, bodies, offices and agencies comes into force as of 11 December 2018.
- In line with the philosophy, definitions, principles and other rules regarding the protection of personal data as set by GDPR, the new Regulation introduces corresponting measures for the protection of personal data of natural persons against EU institutional bodies.
- The scope of the new provisions cover, on one hand, the processing of personal data by EU institutions, bodies and authorities, and on the other hand their transfer among these institutional bodies, to the extent required, taking into account the EU Treaties restrictions, as well as further operational needs and internal policies of EU bodies.
- The new Regulation, like GDPR, sets the principles for the processing of personal data by the EU institutional bodies.
- The new Regulation explicitly stipulates the right to information, as well as other rights of the data subjects, which are identical to those granted and described in detail in GDPR.
- The new Regulation defines the role of the Data Protection Officers of every EU institution, and the role of the European Data Protection Supervisor, who is responsible for ensuring that the EU institutions and bodies respect the fundamentals rights and freedoms of individuals, and in particular their right to data protection.
- Particular emphasis is placed on electronic services privacy.
- As of 11 December 2018, Regulation 45/2001 and Decision 1247/2002/EC on the regulations and general conditions governing the performance of the European Data Protection Supervisor's duties are repealed. As a result, any references to the repealed Regulation and Decision are considered as references to the new Regulation.