Ref. Ares(2020)2531349 - 13/05/2020
EUROPEAN
COMMISSION
Brussels, XXX
[…](2019) XXX draft
COMMISSION DECISION
of XXX
on records management and archives
EN EN
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Council Regulation (EEC, Euratom) No 354/83¹, as amended by Council
Regulation (EC, Euratom) No 1700/2003² and Council Regulation (EU) No 2015/496³,
Having regard to Regulation (EU) No 910/2014⁴ of the European Parliament and of the
Council,
Having regard to Commission Decision (EU, Euratom) 2015/443 and its implementing rules⁵,
Having regard to Commission Decision (EU, Euratom) 2015/444 and its implementing rules⁶,
Having regard to Commission Decision (EU, Euratom) 2017/46⁷,
Having regard to Regulation (EU) 2018/1725⁸ of the European Parliament and of the Council,
Having regard to Regulation (EC) No 1049/2001⁹ of the European Parliament and of the
Council,
Whereas:
¹ Council Regulation (EEC, Euratom) No 354/83 concerning the opening to the public of the historical
archives of the European Economic Community and the European Atomic Energy Community (OJ
L 43, 15.2.1983, p. 1).
² Council Regulation (EC, Euratom) No 1700/2003 amending Regulation (EEC, Euratom) No 354/83
concerning the opening to the public of the historical archives of the European Economic Community
and the European Atomic Energy Community (OJ L 243, 27.9.2003, pp. 1-4).
³ Council Regulation (EU) 2015/496 of 17 March 2015 amending Regulation (EEC, Euratom) No 354/83
as regards the deposit of the historical archives of the institutions at the European University Institute in
Florence (OJ L 79, 25.3.2015, pp. 1-5).
⁴ Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on
electronic identification and trust services for electronic transactions in the internal market and
repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, pp. 73-114).
⁵ Commission Decision (EU, Euratom) 2015/443 on security in the Commission (OJ L 72, 17.3.2015,
pp. 41-52), Security Notice C(2019) 1903 on information assessment and classification and Security
Notice C(2019) 1904 for marking and handling of sensitive non-classified information.
⁶ Commission Decision (EU, Euratom) 2015/444 on the security rules for protecting EU classified
information (OJ L 72, 17.3.2015, pp. 53-88), Security Notice C(2019) 1903 on information assessment
and classification and Security Notice C(2019) 1904 for marking and handling of sensitive
non-classified information.
⁷ Commission Decision (EU, Euratom) 2017/46 on the security of communication and information
systems in the Commission (OJ L 6, 11.1.2017, pp. 40-51).
⁸ Regulation (EU) 2018/1725 of the European Parliament and of the Council on the protection of natural
persons with regard to the processing of personal data by the Union institutions, bodies, offices and
agencies and on the free movement of such data and repealing Regulation (EC) No 45/2001 and
Decision 1247/2002/EC (OJ L 295, 21.11.2018, pp. 39-98).
⁹ Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001
regarding public access to European Parliament, Council and Commission documents (OJ L 145,
31.5.2001, pp. 43-48).
(1)
The records held by the Commission form the basis for its operation and daily work.
They are part of the Commission’s assets and also fulfil the function of facilitating the
exchange of information, providing evidence of action taken, meeting the institution’s
legal obligations and preserving its memory. They must therefore be managed in
accordance with effective rules applicable to all directorates-general and equivalent
departments.
(2)
The Commission keeps records that are created, received and managed in the course of
its activities. All records, regardless of format and the technological environment in
which they are collected, created or generated, are captured and maintained in an
official electronic repository of records.
(3)
Provisions on records management and archives define the principles of records and
archives management, in order to ensure: the creation, receipt and proper preservation
or elimination of records and their consultation and communication; the authenticity,
reliability, integrity and readability over time of records and the metadata
accompanying them; the identification of each record together with the extraction and
allocation of metadata, so that it can be filed, searched and is easily traceable; the
development, maintenance and updating of the structure of the Commission’s records
and archives management systems, its electronic repositories and its repositories for
analogue media.
(4)
Such principles are intended to cover the lifecycle of Commission’s records, whatever
their medium, making available, exchanging, sharing, reusing and disseminating data,
information and records, in line with the policy governance and practice of the
Commission’s data and information management.
(5)
Effective and proper records management and archiving help meet transparency
obligations, in particular by promoting efficient public access to documents and
implementing the principle of accountability of public actions.
(6)
By Decision 2002/47/EC, ECSC, Euratom, the Commission adopted provisions on
document management and by Decision 2004/563/EC, Euratom it adopted provisions
on electronic and digitised documents to establish electronic document management
and archiving, laying down a common set of rules and procedures applicable to all the
departments.
(7)
It is paramount to update provisions determining the conditions under which
electronic, digitised and electronically transmitted documents are valid and stored, for
the Commission’s purposes.
(8)
The records management and archiving policy should take account of the
Commission’s digital transformation¹⁰. Therefore, the principle of the creation of
records only in electronic format is strongly enounced; exceptions to this principle are
nevertheless possible.
(9)
The Union institutions, bodies, offices and agencies are encouraged to recognise
electronic identification and trust services covered by Regulation (EU) No 910/2014
for the purpose of administrative cooperation capitalising, in particular, on existing
good practices and the results of ongoing projects in the areas covered by the
abovementioned Regulation.
¹⁰ Communication to the Commission C(2018) 7118 on the European Commission Digital Strategy. See
also Commission Communication C(2016) 6626, which sets out the general orientations of the internal
policy for data, information and knowledge management at the Commission.
(10) Commission’s rules and procedures on records management and archives are regularly
updated taking account of developments and results of academic and scientific
research, including the emergence of related standards and developments in
information and communication technologies.
(11) A records management system does not only register records, but more broadly
captures them to clearly and reliably identify them, ensure their traceability and make
them available to other users through filing or other means of aggregation of records
throughout their life cycle.
(12) Information systems, networks and transmission facilities which feed the
Commission’s records system are protected by adequate security measures in
accordance with the applicable security rules for protecting information.
(13) Data and information are available and shared as widely as possible within the
Commission in order to facilitate the collaborative working of its staff and the
retrievability and reuse of data and information and to promote the synergy of its
resources and improve efficiency.
(14) Each institution of the European Union establishes its historical archives and opens
them to the public in accordance with Regulation (EEC, Euratom) No 354/83.
Each institution furthermore adopts internal rules for the application of this
Regulation.
(15) Under Regulation (EU) 2018/1725, the Commission is required to provide information
to data subjects on the processing of personal data concerning them and to respect
their rights as data subjects. However, the Commission should reconcile those rights
with the objectives of archiving in the public interest in accordance with data
protection law.
(16) Articles 16(5) and 19(3) of Regulation (EU) 2018/1725 provide for exceptions to data
subjects’ right to information and right to erasure in respect of processing for
archiving purposes in the public interest. Those rights should not apply in principle in
the particular context of the historical archives of the Commission taking into account
the size of the institution and its records and the nature of archiving in the public
interest. The erasure of personal data contained in such records, in particular, would
undermine the validity, integrity and authenticity of the Commission’s archives and is
therefore likely to seriously impair the achievement of the objectives of archiving in
the public interest.
(17) The Commission may be unable or would be required to make a disproportionate
effort to provide information on processing once its files and records selected for
permanent preservation have been transferred to the historical archives. Data subjects
should be informed that records containing their personal data may be transferred to
the historical archives at the end of the retention period defined for such records as
part of the information referred to in Articles 15 and 16 of Regulation (EU) 2018/1725
provided in respect of the original processing operations for purposes of which the
personal data are initially collected.
(18) Article 25(4) of Regulation (EU) 2018/1725 gives the Commission the possibility to
provide for derogations from the rights referred to in Articles 17, 18, 20, 21, 22 and 23 of
that Regulation in so far as such rights are likely to render impossible or seriously
impair the achievement of archiving purposes in the public interest and such
derogations are necessary for the fulfilment of those purposes. Unless derogations are
provided for in a legal act adopted on the basis of the Treaties, it is necessary to adopt
internal rules under which the Commission is entitled to derogate from those rights.
(19) Granting access to personal data in case of a data subject request which does not
provide specific information regarding the processing concerned by the request may
involve a disproportionate administrative effort or be practically impossible, given the
size and nature of the Commission’s historical archives.
(20) The rectification of personal data would undermine the integrity and authenticity of
the Commission’s archives and defeat the purpose of archiving in the public interest.
This is without prejudice to the possibility of the Commission, in duly justified cases
of inaccurate personal data, to decide to include a supplementary statement or
annotation to the record concerned.
(21) Personal data form an integral and indispensable part of records selected for
permanent preservation. Therefore, granting the right to object to the processing of
personal data contained in such records would render impossible the achievement of
the purposes of archiving in the public interest.
(22) The Commission should impose derogations subject to the conditions and safeguards
referred to in Article 13 of Regulation (EU) 2018/1725.
(23) In application of the principle of accountability, the Commission should keep a record
of its application of derogations.
(24) To guarantee utmost protection of the rights and freedoms of data subjects and in
accordance with Article 44(1) of Regulation (EU) 2018/1725, the Data Protection
Officer of the Commission should be informed in due time of the application of
derogations under this Decision.
(25) All members of staff are accountable for the creation and correct management of the
records related to policies, process and procedures for which they are responsible.
HAS ADOPTED THIS DECISION:
Chapter I
General provisions
Article 1
Subject matter
This Decision lays down rules concerning:
(a)
the management of Commission records and archives;
(b)
the preservation and opening of the archives to the public and for deposit of the
historical archives of the Commission at the Historical Archives of the European
Union at the European University Institute (EUI) in Florence.
Article 2
Scope
This Decision shall apply to records held by the Commission and to its archives, irrespective
of their form, medium, age and location.
It may be applicable, by specific agreement, to records held by other entities responsible for
applying certain Union policies or to records exchanged via data transmission networks
between administrations and the Commission.
The scope of the rules contained in this Decision is aligned to the obligations to provide
access to documents held by the Commission in accordance with the principles, modalities
and limits laid down in Regulation (EC) No 1049/2001.
Article 3
Definitions
For the purposes of this Decision, the following definitions shall apply:
(1)
‘record’ means information, received and created in the form of a document, a
collection of data or other form in a digital or analogue medium that is captured in an
official repository and managed and maintained as evidence and as an asset;¹¹
(2)
‘document’ means any content whatever its medium (written on paper or stored in
electronic form or as a sound, visual or audiovisual recording) concerning a matter
relating to the policies, activities and decisions falling within the institution's sphere
of responsibility;¹²
(3)
‘metadata’ means any information describing the context, content and structure of
records and their management over time for the purposes of, inter alia, retrieval,
accessibility and reuse;
(4)
‘digitisation’ means the process of transforming a record on paper or any other
traditional medium into an electronic rendition;
(5)
‘official repository of records’ means a system, recognised and approved by the
Secretariat-General, in which records held by the Commission are collected,
organised and categorised to facilitate records retrieval, distribution, use, disposal or
preservation;
(6)
‘capture’ means the insertion of a document into an official electronic repository by
combining a unique identifier and metadata;¹³
(7)
‘unique identifier’ means a sequence of digits or letters, or both, unambiguously
assigned to a record by a machine or person and which identifies that record as
unique and distinct from all other records;
(8)
‘registration’ means capturing a record into a register establishing that it is complete
and properly constituted from an administrative and/or legal standpoint and
certifying that it has been sent by an author to an addressee on a given date, as
incoming or outgoing mail, or has been incorporated into one of the Commission’s
official repositories;
(9)
‘file’ means the core around which records are organised in line with the Commission’s
activities, for reasons of proof, justification or information and to guarantee
efficiency in the work. The group of records making up the file is organised in such a
way as to form a coherent and relevant unit in terms of the activities conducted by
the Commission or its departments;
¹¹ ISO 15489-1:2016, point 3.14.
¹² Article 3(a) of Regulation (EC) No 1049/2001.
¹³ ISO 15489-1:2016, point 9.3.
(10)
‘filing plan’ means an instrument with hierarchical and logical structure, in the form
of a tree structure with a number of interlinked headings, which enables files (or
other aggregation of records) to be intellectually organised and linked to the context
in which they were drawn up, on the basis of the functions, activities and working
processes;
(11)
‘electronic signature’ means data in electronic form which is attached to or logically
associated with other data in electronic form and which is used by the signatory to
sign;¹⁴
(12)
‘advanced electronic signature’ means an electronic signature that meets the
following requirements: (a) it is uniquely linked to the signatory; (b) it is capable of
identifying the signatory; (c) it is created using electronic signature creation data that
the signatory can, with a high level of confidence, use under his sole control; and (d)
it is linked to the data signed therewith in such a way that any subsequent change in
the data is detectable;¹⁵
(13)
‘qualified electronic signature’ means an advanced electronic signature that is created
by a qualified electronic signature creation device and which is based on a qualified
certificate for electronic signatures;¹⁶
(14)
‘electronic seal’ means data in electronic form, which is attached to or logically
associated with other data in electronic form to ensure the latter’s origin and
integrity;¹⁷
(15)
‘electronic time stamp’ means data in electronic form which binds other data in
electronic form to a particular time establishing evidence that the latter data existed
at that time;¹⁸
(16)
‘electronic registered delivery service’ means a service that makes it possible to
transmit data between third parties by electronic means and provides evidence
relating to the handling of the transmitted data, including proof of sending and
receiving the data and that protects transmitted data against the risk of loss, theft,
damage or any unauthorised alterations;¹⁹
(17)
‘authenticity’ means the fact that a record can be proved to be what it purports to be,
to have been created or sent by the person purported to have created or sent it and to
have been created or sent when purported;²⁰
(18)
‘reliability’ means the fact that the content of a record can be trusted as a full and
accurate representation of the transactions, activities or facts to which they attest and
that the record can be depended upon in the course of subsequent transactions or
activities;²¹
(19)
‘integrity’ means the fact that a record is complete and unaltered;²²
¹⁴ Article 3(10) of Regulation (EU) No 910/2014.
¹⁵ Articles 3(11) and 26 of Regulation (EU) No 910/2014.
¹⁶ Article 3(12) of Regulation (EU) No 910/2014.
¹⁷ Article 3(25) of Regulation (EU) No 910/2014.
¹⁸ Article 3(33) of Regulation (EU) No 910/2014.
¹⁹ Article 3(36) of Regulation (EU) No 910/2014.
²⁰ ISO 15489-1:2016, point 5.2.2.1.
²¹ ISO 15489-1:2016, point 5.2.2.2.
²² ISO 15489-1:2016, point 5.2.2.3.
(20)
‘validity’ means the fact that a document has all the intrinsic and extrinsic
characteristics required by its production context, necessary in order to be accepted
as an expression of its author with all its legal consequences;
(21)
‘admissibility’ means the fact that a document has all the intrinsic and extrinsic
characteristics required by its reception context, necessary for it to be accepted as an
expression of its author with all its legal consequences;
(22)
‘preservation’ means all technical processes and operations which make it possible to
keep records over time, to maintain their integrity and authenticity and to guarantee
access to their content;
(23)
‘personal data’ means any information relating to an identified or identifiable natural
person (‘data subject’); an identifiable natural person is one who can be identified,
directly or indirectly, in particular by reference to an identifier such as a name, an
identification number, location data, an online identifier or to one or more factors
specific to the physical, physiological, genetic, mental, economic, cultural or social
identity of that natural person;²³
(24)
‘controller’ means the Union institution or body or the directorate-general or any
other organisational entity which, alone or jointly with others, determines the
purposes and means of the processing of personal data; where the purposes and
means of such processing are determined by a specific Union act, the controller or
the specific criteria for its nomination can be provided for by Union law;²⁴
(25)
‘processor’ means a natural or legal person, public authority, agency or other body
which processes personal data on behalf of the controller.²⁵
Chapter II
Records management
Article 4
Creation
1.
The author of any newly created information shall analyse it in order to determine
the electronic management system by which the information will be managed, if it
will be captured and in which official repository system it will be preserved.
2.
Records shall be created in accordance with the formal requirements laid down by
Commission departments for the relevant types of records.
3.
The Commission’s records shall be created as electronic records and shall be kept in
its official electronic repositories.
Where a provision of Union or national law so requires, or where protocol
convenience imposes paper medium, or where practical reasons impede digitisation
of the document or where the preservation of the original analogue document has an
added value because of its form or the material from which it is made or for
historical reasons, records shall be created and kept in the required medium.
²³ Article 3(1) of Regulation (EU) 2018/1725.
²⁴ Article 3(8) of Regulation (EU) 2018/1725.
²⁵ Article 3(12) of Regulation (EU) 2018/1725.
Article 5
Digitisation
1.
Information in analogue media created or received by the Commission shall be
systematically digitised. The resulting electronic renditions, when captured in an
official electronic repository, shall replace the corresponding original analogue
document, unless a handwritten signature is required by a provision of Union law or
the law of the Member State or third country concerned.
2.
The implementing rules lay down the procedural and technical details of digitisation,
the applicable exceptions and the elimination of analogue records following their
digitisation.
Article 6
Capture
1.
Each directorate-general or equivalent department shall regularly review the types of
information created or received in the course of its activities, to identify which ones
are to be captured in an official electronic repository and, taking account of the
context in which they were produced, to organise their management throughout their
life cycle.
2.
The captured records shall not be altered. They may be removed or replaced by
subsequent versions until the file they belong to is closed.
Article 7
Registration
1.
Documents shall be registered if they contain important information which is not
short-lived or when they may involve action or follow-up by the Commission or one
of its departments.
2.
Registers shall be set up to generate the unique identifiers of the registered records
and the rendition of electronic records.
Any such register shall be connected to one or more electronic repositories.
Exceptions may be made for security reasons.
Article 8
Filing plan
The Secretariat-General maintains the Commission’s filing plan. This filing plan, which can
be accessed by electronic means, is associated with a common nomenclature defined for all
Commission departments. This nomenclature shall form part of the Commission’s
activity-based management.
Article 9
Computerised processes and systems
The Commission’s directorates-general and equivalent departments shall keep and manage
their records by means of computerised processes and computerised systems and structures
with interfaces to ensure storage, access to and recovery of records, unless required otherwise
by a Commission provision.
Article 10
Legal effects of electronic signatures, seals, timestamps and electronic registered delivery
services
1.
A qualified electronic signature shall have the equivalent legal effect of a
handwritten signature.
2.
A qualified electronic seal shall enjoy the presumption of integrity of the data and of
correctness of the origin of that data to which the qualified electronic seal is linked.
3.
A qualified electronic time stamp shall enjoy the presumption of the accuracy of the
date and the time it indicates and the integrity of the data to which the date and time
are bound.
4.
Data sent and received using a qualified electronic registered delivery service shall
enjoy the presumption of the integrity of the data, the sending of that data by the
identified sender, its receipt by the identified addressee and the accuracy of the date
and time of sending and receipt indicated by the qualified electronic registered
delivery service.
Article 11
Validity of documents and procedures
1.
A document created or received by the Commission shall be considered to satisfy the
validity or admissibility criteria where the following conditions are met:
(a) the person from whom it originates is identified;
(b) the context in which the document was produced is reliable and the document
meets the conditions that guarantee its integrity;
(c) the document complies with the formal requirements laid down in the
applicable Union or national law;
(d) in the case of an electronic document, the document is created in a way that
guarantees the integrity, reliability and usability of its content and the
accompanying metadata.
2.
An electronic rendition created by digitising an analogue document created or
received by the Commission shall be considered to satisfy the validity or
admissibility criteria where the following conditions are fulfilled:
(a) no signature is required by a provision of Union law or the law of a Member
State or third country concerned,
(b) its format offers guarantees of integrity, reliability, durability, readability over
time and ease of access to the information it contains.
Where a signed analogue document is not required, such an electronic rendition may
be used for any exchange of information and for any internal procedure within the
Commission.
3.
Where a provision in Union or national law requires a signed original of a document,
a document drawn up or received by the Commission shall satisfy that requirement if
the document contains any of the following:
(a) one or more handwritten or qualified electronic signatures,
(b) one or more electronic signatures, other than qualified, providing sufficient
guarantees about the identification of the signatory and the expression of their
will in the signed document.
4.
Where a procedure specific to the Commission requires the signature of an
authorised person or the approval of a person at one or more stages of the procedure,
the procedure may be managed by computer systems, provided that each person is
clearly and unambiguously identified and that the system in question provides
guarantees that the content is not altered during the procedure.
5.
Where a procedure involves the Commission and other entities and requires the
signature of an authorised person or the approval of a person at one or more stages of
the procedure, the procedure may be managed by computer systems offering
conditions and technical assurances determined by mutual agreement.
Article 12
Provision of data and information within the Commission
1.
Data and information shall be made available and shared as widely as possible within
the Commission, unless legal obligations require limiting access.
2.
In the interest of information sharing, directorates-general and equivalent
departments shall ensure that their files are as widely accessible as the sensitivity of
their content allows.
Article 13
Information security and protection
Records shall be managed in accordance with the Commission security rules applicable to the
protection of information. To this end, records, files, information systems and archives,
including their networks and means of transmission, shall be protected by appropriate security
measures for the management of classified information, sensitive non-classified information
and personal data.
Classified information shall be processed in accordance with the rules in force on security.
Chapter III
Preservation and historical archives
Article 14
Storage and preservation
1.
Storage and preservation shall take place under the following conditions:
(a) records shall be stored in the form in which they were created, sent or received
or in a form which preserves the authenticity, reliability and the integrity of
their content and of the accompanying metadata;
(b) the contents of records and their relevant metadata must be readable throughout
the period of their storage by any person authorised to have access to them;
(c) where records are sent or received electronically, the information required to
determine their origin or destination and the date and time of the capture or
registration, shall be part of the minimum metadata to be stored;
(d) as regards electronic procedures managed by IT systems, information
concerning the formal stages of the procedure shall be stored under such
conditions as to ensure that those stages and the authors and participants can be
identified.
2.
The Secretary-General shall ensure the implementation of a digital preservation
strategy to ensure long-term access to electronic records on the basis of the retention
lists referred to in Article 15(1). The strategy shall be drawn up in cooperation with the
Historical Archives Service and shall ensure that processes, tools and resources are in
place to ensure the authenticity, reliability and integrity of records and their
accessibility.
Article 15
Retention, transfer and elimination
1.
The retention period for the various categories of files and, in certain cases, records,
shall be defined for the whole Commission by way of regulatory instruments, such as
the common retention list, or one or more specific retention lists drawn up on the
basis of the organisational context, the existing legislation and the Commission’s
legal obligations.
2.
Directorates-general and equivalent departments shall regularly conduct an appraisal
of records and files managed by them in view of assessing whether they shall be
transferred to the Commission’s historical archives referred to in Article 16, or
eliminated.
However, a set of metadata on records and files shall be retained in the original
electronic repository as evidence of such records and files and their transfer or
elimination.
3.
EU classified information with a classification CONFIDENTIEL UE/EU
CONFIDENTIAL or higher, shall not be transferred to the Historical Archives
Service.
Article 16
Commission’s Historical Archives Service
The tasks of the Historical Archives Service shall be to:
(a)
guarantee the authenticity, reliability and integrity of and access to the records, files
and archives of the Commission which have been transferred to it;
(b)
ensure the material protection and integrity of the metadata of records and files
provided by the transferring departments;
(c)
make records and files available on request to the directorates-general or equivalent
departments;
(d)
undertake, where necessary and in cooperation with the originating
directorate-general or equivalent department or its successor, the second review of all transferred
records, files and archives;
(e)
initiate the declassification of classified documents as referred to in Articles 2 and 5 of
Council Regulation (EC, Euratom) No 354/1983;
(f)
open the historical archives to the public after the expiry of a period of 30 years,
except for those records covered by exceptions relating to the privacy and integrity of
individuals, or the commercial interests of a natural or legal person, including
intellectual property;
(g)
deposit the historical archives that have been opened to the public at the historical
archives of the EU.
Article 17
Processing of personal data contained in the historical archives
1.
The following derogations from the rights of data subjects shall apply in accordance
with Article 25(4) of Regulation (EU) 2018/1725, as necessary for the fulfilment of
archiving purposes in the public interest and in order to preserve the integrity of the
historical archives, in particular:
(a) the right of access²⁶, in so far as the request of the data subject does not allow
for the identification of specific records without involving disproportionate
administrative effort. In assessing the action to be taken on the request of the
data subject and the administrative effort required, account shall be taken in
particular of the information provided by the data subject and the nature, scope
and size of the records potentially concerned,
(b) the right to rectification27, as rectification renders it impossible to preserve the
integrity and authenticity of records selected for permanent preservation in the
historical archives, without prejudice to the possibility of a supplementary
statement or annotation to the record concerned, unless this proves impossible
or involves disproportionate effort,
(c) the obligation to notify the rectification or erasure of personal data28 in so far as
this proves impossible or involves disproportionate effort,
(d) the right to object to the processing29, in so far as the personal data are
contained in records selected for permanent preservation in the historical
archives as an integral and indispensable part of these records.
2.
The Commission shall implement appropriate safeguards to ensure compliance with
Article 13 of the Regulation (EU) 2018/1725. Such safeguards shall include technical
and organisational measures in particular in order to ensure respect for the principle
of data minimisation. The safeguards shall include:
(a) the files to be transferred to the historical archives are selected following a
case-by-case assessment according to the Commission’s retention lists. All the
other files, including structured personal data files, such as personal and
medical files are eliminated at the end of the administrative retention period;
(b) the retention lists provide for the administrative elimination of certain types of
records before the end of the administrative retention period. Consequently,
these types of records are not processed for archiving purposes in the public
interest;
(c) prior to processing for archiving purposes in the public interest, the directorate-
general or equivalent department reports the potential presence of records
26
Article 17 of Regulation (EU) 2018/1725.
27
Article 18 of Regulation (EU) 2018/1725.
28
Article 21 of Regulation (EU) 2018/1725.
29
Article 23 of Regulation (EU) 2018/1725.
covered by Article 2(1) of Council Regulation (EEC, Euratom) No 354/83 in
the files to be transferred to the historical archives;
(d) before any Commission file is opened to the public, the Historical Archives
Service reviews it to verify the possible presence of records covered by the
exceptions indicated in Article 2(1) of Council Regulation (EEC, Euratom)
No 354/83, including on the basis of the signposting referred to in point (c)
with the aim of protecting personal data.
3.
The Commission shall record the reasons for derogations applied pursuant to this
Decision. The record and, where applicable, the documents concerning the factual or
legal context shall be registered. They shall be made available to the European Data
Protection Supervisor on request.
4.
The Data Protection Officer of the Commission shall be informed, without any undue
delay, of the application of derogations from data subject rights in accordance with
this Decision. Upon request, the Data Protection Officer shall be provided with
access to the associated records and any documents concerning the factual or legal
context.
Article 18
Deposit of the Commission’s historical archives at the EUI
1.
The Commission’s Historical Archives Service shall provide the EUI, where
possible, access to digitised copies of records on an analogue medium.
2.
The EUI shall be the main access point to the Commission’s historical archives that
are open to the public.
3.
The Commission’s Historical Archives Service shall send EUI descriptions of the
deposited archives. In accordance with international standards and to facilitate the
exchange of metadata, the Commission will promote interoperability between its
archives systems and those of the EUI.
4.
The EUI acts as processor in accordance with Article 3 of Regulation (EU)
2018/1725, under instructions from the Commission which acts as controller of
personal data contained in the historical archives deposited at the EUI. The
Commission’s Historical Archives Service provides, on behalf of the Commission,
the necessary instructions for the processing of personal data contained in the
deposited archives by the EUI and monitors its performance.
5.
Classified information shall not be deposited at the EUI.
Chapter IV
Governance and implementation
Article 19
Governance at Commission level
1.
Each director-general or head of department shall put in place the necessary
organisational, administrative and physical structure and provide the staff required
for the implementation of this Decision and the implementing rules by their
departments.
2.
The Secretariat-General shall be responsible for ensuring that this Decision and its
implementing rules are applied.
3.
The Directorate-General for Informatics shall be responsible for providing the
technological infrastructure to implement this Decision.
Article 20
Network of document management officers
1.
Each director-general or head of department shall designate a document management
officer for the purpose of maintaining a modern and efficient records management
system in their department and of ensuring coordination within their department,
with the Secretariat-General and the other departments of the Commission.
2.
The role of the network of document management officers, chaired by the
Secretariat-General, shall be to:
(a) ensure the correct and uniform application of this Decision within the
Commission Departments;
(b) deal with any issues which may arise from their application;
(c) share the requirements of directorates-general and equivalent departments as
regards training and support measures.
Article 21
Information, training and support
The Secretariat-General, in close cooperation with the Directorate-General for Informatics,
the Directorate-General for Human Resources and Security and the Commission’s Historical
Archives Service, shall put in place the information, training and support measures necessary
to ensure the application of this Decision within the directorates-general and equivalent
departments.
Article 22
Implementing rules
The Secretary-General shall ensure the implementation of implementing rules, which will be
drawn up in coordination with the directorates-general and equivalent departments.
They shall be regularly updated taking account in particular of:
(a)
developments regarding records and archives management and results of academic
and scientific research, including the emergence of related standards,
(b)
developments in information and communication technologies,
(c)
the applicable rules on the probative value of electronic records,
(d)
the Commission’s obligations as regards transparency, public access to documents
and the opening to the public of archives,
(e)
any new obligations by which the Commission may be bound,
(f)
harmonisation in the presentation of records from the Commission and its
departments.
Article 23
Repeal of previous acts
Decision 2002/47/EC, ECSC, Euratom and Decision 2004/563/EC, Euratom are repealed.
Article 24
Entry into force
This Decision shall enter into force on the day of its adoption.
Done at Brussels,
For the Commission
[…]
The President