Press Releases EDPS report: EU Institutions’ resilience to COVID-19

EDPS report: EU Institutions’ resilience to COVID-19

Today, the European Data Protection Supervisor (EDPS) published a report on the new processing operations, and on the IT tools that EU institutions, bodies, offices and agencies (EUIs) introduced to ensure business continuity during the COVID-19 pandemic and the compliance of these activities with Regulation (EU) 2018/1725.

The report is based on an earlier survey and comprises three parts: new processing operations implemented by EUIs; IT tools implemented or enhanced by EUIs to enable teleworking; and new processing operations implemented by EUIs in charge of tasks related to public health.

 Wojciech Wiewiórowski, EDPS, said: “EUIs made substantial efforts to ensure that new processing operations introduced in response to the COVID-19 pandemic were compliant with the Regulation in very short timeframes. This report enables the EDPS to provide further guidance to EUIs with regard to data protection aspects that deserve closer consideration. I invite EUIs to reassess their existing processing operations put in place during the pandemic, with the report’s recommendations in mind. The report’s conclusions also have relevance given that COVID-19’s long-lasting legacy may have an impact on EUIs’ operations concerning teleworking and remote recruitment practices for example.”

The dynamic evolution of the COVID-19 pandemic means that EUIs must continually adapt their processes. The report aims to support them in what appears to be a long-lasting challenge, which will likely continue to have an impact even after the end of the pandemic.

The survey results will feed into updating existing EDPS guidelines, or contribute to the development of new guidelines, depending on the evolution of the pandemic and the new practices that will continue once it is over. The survey results will also inform the EDPS’ execution of audits and investigations under Article 58 of Regulation (EU) 2018/1725.

Background information

The rules for data protection in the EU institutions, as well as the duties of the European Data Protection Supervisor (EDPS), are set out in Regulation (EU) 2018/1725.

Wojciech Wiewiórowski (EDPS), was appointed by a joint decision of the European Parliament and the Council on to serve a five-year term, beginning on 6 December 2019

Personal data: see EDPS Glossary

Processing personal data: see EDPS Glossary

Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).

The European Data Protection Supervisor (EDPS) is the independent supervisory authority for the protection of personal data and privacy and promoting good practice in the EU institutions and bodies.

He does so by:

·       monitoring the EU administration’s processing of personal data;

·       monitoring and advising technological developments on policies and legislation that affect privacy and personal data protection;

·       carrying out investigations in the form of data protection audits/inspections;

·       cooperating with other supervisory authorities to ensure consistency in the protection of personal

EDPS – The EU’s Independent Data Protection Authority


Questions can be directed to


  EDPS Press Service

Tel. (+32) 228 31900   | Fax: (+32) 228 31950
European Data Protection Supervisor
Postal address: Rue Wiertz 60, B-1047 Brussels
Office address: Rue Montoyer 30, B-1000 Brussels



Leave a Reply

Your email address will not be published. Required fields are marked *