Go back to the Europarl portal

Choisissez la langue de votre document :

  • bg - български
  • es - español
  • cs - čeština
  • da - dansk
  • de - Deutsch
  • et - eesti keel
  • el - ελληνικά
  • en - English (Selected)
  • fr - français
  • ga - Gaeilge
  • hr - hrvatski
  • it - italiano
  • lv - latviešu valoda
  • lt - lietuvių kalba
  • hu - magyar
  • mt - Malti
  • nl - Nederlands
  • pl - polski
  • pt - português
  • ro - română
  • sk - slovenčina
  • sl - slovenščina
  • fi - suomi
  • sv - svenska
Parliamentary questions
PDF 107kWORD 18k
15 December 2017
Answer given by Ms Jourová on behalf of the Commission
Question reference: E-006115/2017

The processing of personal data is subject to the Data Protection Directive(1) and shall comply with the General Data Protection Regulation(2) (GDPR) as from 25 May 2018. Both legal instruments specify certain principles for any processing activity of personal data: it must be fair and lawful, for legitimate, specified and explicit purposes, the processed data must be adequate, relevant, accurate and not excessive(3) and kept up to date and must be processed for no longer than necessary.

In addition, processing of personal data must have a legal basis such as consent or compliance with a legal obligation and respect data subjects' right, notably the rights of information, access, erasure of the data and the right to submit a complaint to a data protection supervisor.

Without prejudice to the powers of the Commission as guardian of the Treaties, the supervision and enforcement of data protection legislation falls under the remit of national authorities, in particular data protection supervisory authorities and courts.(4)

The Irish Public Services Card is mandatory for accessing a number of public services (e.g. social welfare services; first time adult passport applications; citizenship application); this obligation is laid down in Irish legislation on which the Irish Data Protection Authority has been consulted(5).

Furthermore, one of the Commission's focus in the transition period up to the entry into application of the GDPR is to work closely with Member States to ensure that their existing laws are adapted or repealed as necessary.

(1)Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.05, p. 31
(2)Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance), OJ L 119, 4.5.2016, p. 1‐88.
(3)In the GDPR data should be limited to what is necessary see Article 5(1)(c).
(4)Articles 22 and 28 of the presently applicable Data Protection Directive (Directive 95/46/EC) and Articles 51 and 79 of Regulation (EU) 2016/679.
(5)http://www.welfare.ie/en/pressoffice/Pages/pr290817.aspx http://www.welfare.ie/en/pressoffice/Pages/pr250817.aspx Annual Report of the Irish Data Protection Authority (p. 27) https://www.dataprotection.ie/documents/annualreports/2010AR.pdf

Legal notice