Data Breach Notifications

The request was partially successful.

Dear European Data Protection Supervisor,

Under the right of access to documents in the EU treaties, as developed in Regulation 1049/2001, I am requesting documents which contain the following information:

From 12 December 2018, under Regulation (EU) 1725/2018 all European institutions and bodies have a duty to report certain types of personal data breaches to the EDPS. Every EU institution must do this within 72 hours of becoming aware of the breach, where feasible.

I request a list of all such notifications, including what institution reported them, the date, the type of breach and a brief summary in each case.

Yours faithfully,

Alexander Fanta

European Data Protection Supervisor

3 Attachments

Dear Mr Fanta,

 

We acknowledge receipt of your request which was registered on 26 February
2020. In accordance with Article 7(1) of Regulation (EC) No 1049/2001
regarding public access to European Parliament, Council and Commission
documents, you will receive a reply within 15 working days (by 18 March
2020).

 

Your case has been registered with case number 2020-0251.

 

Please note that your personal data will only be processed for the
purposes of replying to your request and in accordance with the data
protection statement set out below. You can find the full version of our
data protection notice on access to documents requests on our [1]website.

 

Yours sincerely,

 

 

  EDPS Secretariat
[2]cid:image001.png@01D4D8CD.D37C9700
[3]| Tel. (+32) 228 31900  |
Fax +32(0)22831950  | ›  
Email  [4][EDPS request email]
European Data Protection Supervisor
Postal address: Rue Wiertz 60,
B-1047 Brussels
Office address: Rue Montoyer 30,
B-1000 Brussels
[5]Twitter [6]@EU_EDPS  
[7]Website [8]www.edps.europa.eu
This email
(and any
attachment)
may contain
information
that is
internal or
confidential.
Unauthorised
access, use or
other
processing is
not permitted.
If you are not
the intended
recipient
please inform
the sender by
reply and then
delete all
copies. Emails
are not secure
as they can be
intercepted,
amended, and
infected with
viruses. The
EDPS therefore
cannot
guarantee the
security of
correspondence
by email.

Personal Data Protection Statement

According to Articles 15 and 16 of Regulation (EU) 2018/1725 on the
protection of natural persons with regard to the processing of personal
data by the Union institutions, bodies, offices and agencies and on the
free movement of such data, please be aware that your personal data will
be processed by the EDPS, where proportionate and necessary, for the
purpose of answering your request. The legal base for this processing
operation is Regulation (EC) 1049/2001 and Article 52 (4) of Regulation
(EU) 2018/1725. Subject to applicable rules under EU legislation, the
personal data relating to you, as provided in your request, are used
solely for the purpose of replying to your request. EDPS staff members
dealing with the request will have access to the case file containing your
personal data on a need-to-know basis. Your personal data are not
disclosed outside the EDPS. Your personal data will be stored
electronically for a maximum of ten years after the closure of the case,
or as long as the EDPS is under a legal obligation to do so. You have the
right to access your personal data held by the EDPS and to obtain the
rectification thereof, if necessary. Any such request should be addressed
to the EDPS at [9][EDPS request email]. You may contact the data protection
officer of the EDPS ([10][email address]), if you have any remarks
or complaints regarding the way we process your personal data.

 

 

 

 

 

References

Visible links
1. https://edps.europa.eu/sites/edp/files/p...
3. file:///tmp/tel:+3222831900
4. mailto:[EDPS request email]
6. http://twitter.com/EU_EDPS
http://twitter.com/EU_EDPS
8. http://www.edps.europa.eu/
http://www.edps.europa.eu/
9. mailto:[EDPS request email]
10. mailto:[email address]

European Data Protection Supervisor

3 Attachments

Dear Mr Fanta,

 

We refer to your email of 26 February 2020 in which you made an access to
documents to the EDPS, registered with case number 2020-0251.

 

The EDPS is currently handling your request. We are examining the
requested documents in order to assess whether (full or partial) access
can be granted or not. However, due to the fact that most of the
information is stemming from other EU institutions, bodies and agencies,
we have to consult them in line with Article 4(4) of Regulation 1049/2001.
All of the concerned institutions have not yet been consulted and, from
the institutions which have been, some of them have already requested an
extended deadline to provide their reply to the EDPS. Therefore, the EDPS
will not be in a position to respond within the original time limit of 15
working days which expires 18 March. We have therefore decided to extend
the time limit by 15 working days in accordance with Article 7(3) of
Regulation (EC) 1049/2001. You should expect to receive a reply from the
EDPS by 8 April 2020.

 

We apologise for the delay and any inconvenience this might cause.

 

Kind regards,

 

 

  EDPS Secretariat
[1]cid:image001.png@01D4D8CD.D37C9700
[2]| Tel. (+32) 228 31900  |
Fax +32(0)22831950  | ›  
Email  [3][EDPS request email]
European Data Protection Supervisor
Postal address: Rue Wiertz 60,
B-1047 Brussels
Office address: Rue Montoyer 30,
B-1000 Brussels
[4]Twitter [5]@EU_EDPS  
[6]Website [7]www.edps.europa.eu
This email
(and any
attachment)
may contain
information
that is
internal or
confidential.
Unauthorised
access, use or
other
processing is
not permitted.
If you are not
the intended
recipient
please inform
the sender by
reply and then
delete all
copies. Emails
are not secure
as they can be
intercepted,
amended, and
infected with
viruses. The
EDPS therefore
cannot
guarantee the
security of
correspondence
by email.

 

 

References

Visible links
2. file:///tmp/tel:+3222831900
3. mailto:[EDPS request email]
5. http://twitter.com/EU_EDPS
http://twitter.com/EU_EDPS
7. http://www.edps.europa.eu/
http://www.edps.europa.eu/

European Data Protection Supervisor

5 Attachments

Dear Sir,

 

Please find attached a letter and its annex, signed electronically by Mr
ZERDICK for the above mentioned subject.

 

Kind regards,

 

 

  EDPS Secretariat
[1]cid:image001.png@01D4D8CD.D37C9700
[2]| Tel. (+32) 228 31900  |
Fax +32(0)22831950  | ›  
Email  [3][EDPS request email]
European Data Protection Supervisor
Postal address: Rue Wiertz 60,
B-1047 Brussels
Office address: Rue Montoyer 30,
B-1000 Brussels
[4]Twitter [5]@EU_EDPS  
[6]Website [7]www.edps.europa.eu
This email
(and any
attachment)
may contain
information
that is
internal or
confidential.
Unauthorised
access, use or
other
processing is
not permitted.
If you are not
the intended
recipient
please inform
the sender by
reply and then
delete all
copies. Emails
are not secure
as they can be
intercepted,
amended, and
infected with
viruses. The
EDPS therefore
cannot
guarantee the
security of
correspondence
by email.

 

 

References

Visible links
2. file:///tmp/tel:+3222831900
3. mailto:[EDPS request email]
5. http://twitter.com/EU_EDPS
http://twitter.com/EU_EDPS
7. http://www.edps.europa.eu/
http://www.edps.europa.eu/