Data Protection Officer

ENISA has a Data Protection Officer, whose role is to ensure, in an independent manner, the internal application of the provisions of the Regulation (EU) 2018/1725 at ENISA.

The role and tasks of the DPO are mandated under articles 43 to 45 of the Regulation and include the following main elements:

  • Inform and advise ENISA on its obligations as provided in Regulation (EU) 2018/1725, including on the records of processing activities, the conduction of Data Protection Impact Assessments and the notification of personal data breaches;
  • Monitor and support the implementation and application of ENISA’s policies in relation to the protection of personal data, including by awareness raising, training of staff and relevant audits;
  • Ensure that data subjects are informed of their rights and obligations and that their rights and freedoms are not adversely affected by ENISA’s processing activities;
  • Act as ENISA’s point of contact for EDPS on issues related to the processing of personal data; co-operate and consult with EPDS whenever needed.

In compliance with Regulation (EU) 2018/1725, ENISA has also adopted further Implementing Rules concerning the tasks, duties and powers of the DPO.

The ENISA’s DPO may be contacted at any time at dataprotection [at] enisa.europa.eu

For a list of DPOs of all EU institutions and agencies, please visit: https://edps.europa.eu/data-protection/eu-institutions-dpo/network-dpos_en