Data Protection at eu-LISA

eu-LISA is highly committed to processing personal data in a lawful way

When eu-LISA processes personal data, it ensures the respect of rights to privacy and data protection foreseen by Articles 7 and 8 of the Charter of Fundamental Rights of the European Union. In this regard, eu-LISA processes any personal data collected according to the provisions in Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data. In complement to this text, the Decision of the Management on implementing rules relating to Regulation (EC) No 2018/1275 also governs the processing of personal data by eu-LISA.

eu-LISA only processes personal data for the performance of tasks carried out in the public interest in accordance with European Union law or whilst legitimately exercising the official authority vested to the Agency. Furthermore, the processing of personal data is lawful as a part of a legal or contractual obligation or when the data subject concerned has given his or her unambiguous consent. In any case, eu-LISA will not process personal data for marketing or commercial purposes.

A "Contact" form is available on the eu-LISA website. When a data subject sends a message to eu-LISA, his or her personal data (surname, first name and email address) will only be used to the extent necessary to reply to the query. In this regard, please consult the privacy notice. For more information pertaining to the way eu-LISA handles queries, please refer to the data subject rights section.

eu-LISA's website provides links to other European Union institutional websites, within the '' domain. Since these are not administered by eu-LISA, we encourage you to review their privacy policies.

In order to ensure that personal data is processed lawfully, eu-LISA appointed a Data Protection Officer that controls the correct application of the data protection principles at the Agency.


The Supervisory Authority, in terms of processing personal data, is the European Data Protection Supervisor (EDPS). The EDPS is responsible for the monitoring of European Union institutions and bodies and their compliance with data protection rules, ensuring that the rights to privacy and data protection, as fundamental human rights, are respected. For more information about the EDPS, please refer to this website.