SDPC, DPA and TIA for the use of personal data processing software by the European Commission
Heiko Roth made this access to documents request to Data Protection Officer
Automatic anti-spam measures are in place for this older request. Please let us know if a further response is expected or if you are having trouble responding.
Dear Data Protection Officer,
Under the right of access to documents in the EU treaties, as developed in Regulation 1049/2001, I am requesting documents which contain the following information:
1) Indication of whether, which and for what purpose personal data processing services / software of organizations (e.g., as processor / data importer) located outside the EU/EEA are used acutally by the European Commission.
2) Indication of whether, which and for what purpose such personal data processing services of organizations located within the EU/EEA, but with subcontractors outside the EU/EEA, are actually used by the European Commission.
3) Per individual of these services with the aforementioned third country references:
a) I request an indication as to whether and which transfers pursuant to Art. 44 et seq. GDPR are triggered by the use of these services.
b) I ask for all contracts concluded with the providers of these services in this respect, which are necessary under data protection law, or for a missing indication if there are no such contracts. In particular, namely: contract for commissioned processing according to Art. 28 DSGVO as well as standard data protection clauses according to Art. 46 GDPR.
c) I request the provision of the documented "Transfer Impact Assessment" required according to clause 14 of the current standard data protection clause sets of the EU Commission or the documented "Transfer Impact Assessment" required according to Art. 46 (1) GDPR in conjunction with the principles from ECJ judgment "Schrems II" regarding the data transfers associated with the use of such services.
It should be possible to find the above information without major effort, in particular by means of corresponding information and links in the official processing directory pursuant to Art. 30 GDPR to which, as DPOs, they should already have easy access by law.
Thank you for your request for access to documents.
Unfortunately, you have not indicated your postal address. This is
necessary for registering and handling your request in line with the
Please send us your full postal address at your earliest convenience.
Pending your reply, we reserve the right to refuse the registration of
Please accept our sincere apologies for the late reaction; your initial
request was discovered in the Junk mail folder of the DPO’s office.
ACCESS TO DOCUMENTS TEAM (GD)
Dear SG ACCES DOCUMENTS,
i will repeat my request via https://ec.europa.eu/transparency/regdoc.... Thank you for your support.