The European Data Protection Board (EDPB) and its Secretariat process personal data in the context of their activities, which are defined in Regulation (EU) 2016/679 (also known as the General Data Protection Regulation, or GDPR) and in the EDPB’s Rules of Procedure.
Any processing of personal data conducted by the EDPB and/or its Secretariat is done in compliance with Regulation (EU) 2018/1725, the legal act applicable to the processing of personal data by EU institutions, bodies and offices.
PLEASE NOTE: the EDPB is not a supervisory authority and it does not process any personal data unrelated to its activities and objectives (you can find more about the EDPB’s mission on its website). The EDPB does not have investigative, corrective or sanctioning powers. It does not have a centralised access to personal data processing operations or to any databases of private or public organisations holding personal data.
Therefore, if you have a request or a complaint regarding the processing of your personal data by any other organisation, be it public or private, unrelated to the EDPB and/or its Secretariat, please contact said organisation directly. In alternative, you can always contact the data protection authority of your country/lander of residence (for European Economic Area residents). You can find the list of supervisory authorities here.
EDPB and EDPB Secretariat processing activities
As stipulated in article 31 of Regulation 2018/1725, the EDPB has a centralised registry of records of its processing activities involving the processing of personal data (forthcoming). Please note that the registry will be updated on a regular basis.
The EDPB also has a list of privacy notices related to its processing operations. This list aims to give you an overview, as a data subject, of how your personal data is processed by the EDPB and/or its Secretariat in the context of its activities. They also set forth your rights as a data subject. The list of privacy notices is available here: EDPB Specific Privacy Statements.
Please note that the EDPB and/or its Secretariat may update any of its records and notices when required or relevant, as part of its continuous assessment of its processing operations.
EDPB Data Protection Officer (DPO)
The EDPB has a designated DPO, in accordance with article 43 of Regulation 2018/1725. The DPO’s position and tasks are defined in articles 44 and 45 of said Regulation, and further detailed in the EDPB DPO Implementing Rules. You can contact the Data Protection Officer of the EDPB through the following email: EDPB-DPO@edpb.europa.eu. You can also send your request by post.
Requests for information and for the exercise of your rights
If you would like to receive any information about your personal data, or exercise any of your rights foreseen in articles 15 to 24 of Regulation 2018/1725, you can contact the EDPB directly at firstname.lastname@example.org, making specific reference to your request. You can also contact the EDPB's Data Protection Officer of the EDPB at the email mentioned above. We will ensure the exercise of your rights within the conditions foreseen in the Regulation.
European Data Protection Supervisor (EDPS)
The EDPB, as all other EU institutions, bodies and offices subject to Regulation 2018/1725, is subject to the supervision of the European Data Protection Supervisor (EDPS), whose role, tasks and powers are defined in Chapter VI of Regulation 2018/1725. If you have any complaints concerning the processing of your personal data by the EDPB and/or its Secretariat, you can contact the EDPS via their webpage. You can also find more information about the EDPS at edps.europa.eu.
PLEASE NOTE: while the EDPS and the EDPB work very closely together (the EDPS is a member of the Board and ensures the staffing of the Secretariat of the EDPB), they are two different bodies, each with its own legal personality and with different mandates, tasks and roles. You can find more information about the EDPB - EDPS relations in the EDPB-EDPS Memorandum of Understanding.