In order to ensure the compliance with both Article 11.2.a of
eu-LISA's establishing Regulation and Article 24 of the
Regulation (EC) 45/2001 on the processing of personal data by European Union bodies, eu-LISA appointed a Data Protection Officer (DPO).
The main task of the DPO is to ensure, in an independent manner, the internal application of data protection requirements imposed by Regulation (EC) 45/2001 within the Agency.
The DPO's main functions are to:
inform data controllers and individuals regarding their obligations and rights;
establish a link between eu-LISA and the EDPS. The EDPS supervises the processing of personal data by the Agency. On this subject, the DPO must notify the EDPS about every high risk processing operation and respond to the EDPS requests;
guarantee the transparency of eu-LISA's processing operations. In this regard, the DPO keeps a register of all personal data processing operations performed in eu-LISA. This public document contains detailed information regarding the processing of personal data made by eu-LISA. Extracts of the register can be requested by any person in writing to the DPO. A reply must be provided within 15 working days;
advise on how to lawfully process personal data, ensuring that data controllers respect the rights to privacy and data protection in the course of their work. The DPO provides recommendations, develops guidelines to enhance good practice, organises training and awareness session for eu-LISA staff;
support the data subject on the exercise of his or her rights;
investigate any data protection related breaches.
The current DPO is Fernando POÇAS DA SILVA, appointed in 2014.
DPO Annual Work Reports:
2015 and 2016.
Regarding eu-LISA's three large-scale IT systems (Eurodac, SIS II and VIS), the Agency can not access the content of the databases without a valid technical reason. eu-LISA is the data processor, meaning that it only manages the database and acts in accordance with the specific legal framework of each large-scale IT system. For more information, please refer to the
data subject rights section.
According to Article 25 of Regulation (EC) 45/2001, eu-LISA has a legal obligation to keep a register of all personal data processing operations which have been notified to the Data Protection Officer (DPO). The register aims at ensuring transparency to the public and it is accessible to any interested person. It contains the following information:
eu-LISA Department/Unit/Sector processing personal data;
Name and Date of the processing operation;
Purpose of the processing operation;
The list displays documents in reverse chronological order and is monthly updated. In order to have further information regarding processing operations at eu-LISA, contact the DPO (firstname.lastname@example.org).