Data protection records

All EU institutions have the legal obligation to keep a central register of records of activities processing personal data (Article 31 of Regulation 2018/1725).

The register shall contain at least the following information (Article 31(1) of the Regulation):

  • name and contact details of the controller, the data protection officer and, where applicable, the processor and the joint controller;
  • the purposes of the processing;
  • description of the categories of data subjects and of the categories of personal data;
  • the categories of recipients to whom the personal data have been or will be disclosed;
  • where applicable, transfers of personal data to a third country or an international organisation and the documentation of suitable safeguards;
  • where possible, the envisaged time limits for erasure of the different categories of data;
  • where possible, a general description of the technical and organisational security measures to protect those personal data.

The list of records of EMCDDA activities processing personal data is below.

Title Reference Last update
EMCDDA Personal Data Protection Record on the ESCAPE platform (DPO-050) DPO-050
EMCDDA Personal Data Protection Record on the ESCAPE platform (DPO-049) DPO-049
EMCDDA Personal Data Protection Record on Trusted Meetings Service (DPO-048) DPO-048
EMCDDA Personal Data Protection Record on EMCDDA e-mail updates via Mailchimp (DPO-047) DPO-047
EMCDDA Personal Data Protection Record on Documenta (DP0-46) DPO-46
EMCDDA Personal Data Protection Record on HumHub (DPO-045) DPO-045
EMCDDA Personal Data Protection Record on: Network traffic interception and filtering (DPO-007) DPO-007
EMCDDA Personal Data Protection Record on: ICT Service Desk information system (DPO-008) DPO-008
EMCDDA Personal Data Protection Record on: Telecommunications invoice processing (DPO-009) DPO-009
EMCDDA Personal Data Protection Record on: Identity and access management (IAM) (DPO-010) DPO-010
EMCDDA Personal Data Protection Record on: Stakeholders’ relationship management system (SRIS) (DPO-011) DPO-011
EMCDDA Personal Data Protection Record on: Privileged accounts session recording (DPO-012) DPO-012
EMCDDA Personal Data Protection Record on: System and network logs collection and processing (DPO-013) DPO-013
EMCDDA Personal Data Protection Record on: Data backup processing operations (DPO-021) DPO-021
EMCDDA Personal Data Protection Record on: Data transfer for identity federation (DPO-001) DPO-001
EMCDDA Personal Data Protection Record on EMCDDA policy of dignity and respect (DPO-002) and privacy statement DPO-002
EMCDDA Personal Data Protection Record on certification procedure of EMCDDA officials (DPO-025) DPO-025
EMCDDA Personal Data Protection: Record on recruitments of trainees (DPO-027) DPO-027
EMCDDA Personal Data Protection Record on registration of the EMCDDA staff under special Identification card with the Protocol Service of the Portuguese Ministry of Foreign Affairs (DPO-022) DPO-022
EMCDDA Personal Data Protection Record on recruitment of seconded national experts (SNEs) (DPO-015) DPO-015
EMCDDA Personal Data Protection Record on registration of the EMCDDA staff members’ vehicles under special series with the Protocol Service of the Portuguese Ministry of Foreign Affairs (DPO-036) DPO-036
EMCDDA Personal Data Protection Record on Galp Frota’ cards (DPO-017) DPO-017
EMCDDA Personal Data Protection Record on MEDICAL FILES (DPO-004) DPO-004
EMCDDA Personal Data Protection Record on Leave, absences and teleworking (DPO-019) DPO-019
EMCDDA Personal Data Protection Record on Recruitment (DPO-016) DPO-016
EMCDDA Personal Data Protection Record on: Probation period and managerial probation period of the EMCDDA Director (DPO-030 A) DPO-030 A
EMCDDA Personal Data Protection Record on selection and appointment of confidential counsellors (DPO-020) DPO-020
EMCDDA Personal Data Protection Record on: EMCDDA annual appraisal of the EMCDDA Director (DPO-031) DPO-031
EMCDDA Personal Data Protection Record on: Probration period of the EMCDDA staff (DPO-035) DPO-035
EMCDDA Personal Data Protection Record on EMCDDA promotion of officials, and reclassification of temporary and contract agents (DPO-023) DPO-023
EMCDDA Personal Data Protection Record on EMCDDA human resources database (HR database) (DPO-032) DPO-032
EMCDDA Personal Data Protection Record on administrative enquiries and disciplinary procedures (DPO-034) DPO-034
EMCDDA Personal Data Protection Record on internal procedures and guidelines on whistleblowing (DPO-037) DPO-037
EMCDDA Personal Data Protection Record on Article 45(2) of the Staff Regulations (DPO-018) DPO-018
EMCDDA Personal Data Protection Record on Annual appraisal of the EMCDDA staff (DPO-003 and DPO 022) DPO-003 and DPO 022
EMCDDA Personal Data Protection Record and compliance checklist on probation period of the EMCDDA staff (DPO-035) DPO-035
EMCDDA Personal Data Protection Record on: CCTV camera recordings outside of the building (DPO-028) DPO-028
EMCDDA Personal Data Protection Record on CCTV camera recordings inside of the building (DPO-029) DPO-029
EMCDDA Personal Data Protection Record on: Issuance of Laissez Passer Passport (DPO-043) DPO-043
Data protection record on EMCDDA wardens (DPO-038) DPO-038

Top