The European Court of Auditors (‘ECA’) is subject to legal obligations regarding the protection of personal data, as set out by Regulation (EU) 2018/1725(opens in new window) (‘EUDPR’).

In accordance with Article 43(1) of the EUDPR, the ECA has appointed one person as Data Protection Officer (‘DPO’). Their main duty is to work independently to ensure that the EUDPR is applied at the ECA.

Tasks of the DPO

The DPO's tasks include:

  • informing and advising persons responsible for processing personal data, including both (sub)contractors and staff, regarding their obligations and data protection rights;

  • monitoring compliance with the EUDPR and other EU legislation containing data protection provisions, including internal rules;

  • monitoring compliance with the ECA’s data protection policies and procedures, including the assignment of responsibilities;

  • raising awareness and training staff involved in processing personal data;

  • carrying out or organising audits to verify ECA compliance with data protection obligations;

  • ensuring that persons whose personal data is processed are informed of their rights under the EUDPR;

  • providing advice if a notification or communication is necessary due to a personal data breach;

  • providing advice when a data protection impact assessment is carried out, monitoring its execution and consulting the European Data Protection Supervisor (‘EDPS’) in case of doubt as to the need for a data protection impact assessment;

  • providing advice on the need for prior consultation of the EDPS, where the processing of personal data would pose a severe risk to the rights and freedoms of natural persons and the controller believes the risk cannot be mitigated by reasonable means in view of the available technologies and implementation costs;

  • responding to requests from the EDPS;

  • ensuring that the rights and freedoms of persons whose personal data is processed are not adversely affected by processing operations.

The DPO may make practical recommendations to improve data protection at the ECA.

The staff committee, data controllers, data processors, ECA staff members, and any other individual may consult the DPO on any matter concerning the interpretation or application of the EUDPR, without going through official channels.

The DPO may investigate matters and occurrences directly relating to their tasks on their own initiative or at the request of any individual, and report back to the person who commissioned the investigation.

Nobody shall suffer prejudice for contacting the DPO regarding an alleged breach of the EUDPR or other data protection rules.

Records Register

The DPO also keeps a register of all personal data processing by the ECA, which contains information explaining the purpose and conditions of processing operations.

Data Protection Day

On , the Council of Europe adopted Convention 108(opens in new window), the first legally binding international instrument on data protection. To commemorate this landmark development, the member states of the Council of Europe, as well as the EU institutions, agencies and bodies, celebrate Data Protection Day every . The purpose of the day, also known around the world as Data Privacy Day, is to raise awareness and promote best practices in privacy and data protection.

European Court of Auditors


Data Protection Officer

Office K1 2/33

12, Rue Alcide de Gasperi


Tel: +352 4398-47777


Was this page useful?

Thank you for your feedback
Sorry to hear that. Please report the issue so we can improve our website
Thank you for the information. We will investigate the issue.
What type of issue would you like to report?