The Data Protection Officer (DPO) is a specially appointed member of the Eurojust staff. The post holder is responsible for independently overseeing the application of the data protection rules set out by the Eurojust Regulation as well as the Regulation 2018/1725 and serves as a link between the agency and the European Data Protection Supervisor (EDPS). Diana Alonso Blas is the DPO and head of data protection at Eurojust.
The Data Protection Officer is selected on the basis of professional qualities and, in particular, expert knowledge of data protection law and practice, and ability to fulfil the DPO tasks under the Eurojust Regulation and Regulation EU 2018/1725.
Eurojust has an obligation to ensure that the DPO is involved properly and in a timely manner in all issues, which relate to the protection of personal data.
Eurojust shall support the DPO in performing the tasks by providing the resources and staff necessary to carry out those tasks and by providing access to personal data and processing operations, and to maintain the DPO’s expert knowledge.
As part of the responsibilities of the role, the Data Protection Officer acts in an independent manner to ensure the rules regarding the processing and storing of personal data are correctly applied by post-holders at all times.
The DPO cannot receive any instructions regarding the carrying out of his or her tasks. The Data Protection Officer reports directly to the College in relation to operational personal data and reports to the Executive Board in relation to administrative personal data.
The DPO may be consulted by the controller and the processor, by the staff committee concerned and by any individual on any matter concerning the interpretation or application of the Eurojust Regulation and Regulation (EU) 2018/1725 without them going through the official channels. No one shall suffer prejudice on account of a matter brought to the attention of the DPO alleging that a breach of this Regulation or Regulation (EU) 2018/1725 has taken place.
In accordance with Article 38(4) of Eurojust Regulation, if the DPO considers that the provisions of Regulation (EU) 2018/1725 related to the processing of administrative personal data or that the provisions of this Regulation or of Article 3 and of Chapter IX of Regulation (EU) 2018/1725 related to the processing of operational personal data have not been complied with, she shall inform the Executive Board, requesting that it resolves the non-compliance within a specified time. If the Executive Board does not resolve the non-compliance within the specified time, the DPO shall refer the matter to the EDPS.
To monitor compliance, the DPO prepares an annual report and communicates that report to the Executive Board, to the College and to the EDPS.
In addition to liaising with the EDPS, Eurojust’s DPO is in regular contact with other relevant authorities as well as the data protection officers of other European organisations, exchanging views and helping to promote the work of Eurojust. The DPO also keeps a close eye on data protection initiatives at European level, updating Eurojust on any relevant changes or developments.
Before the start of application of the Eurojust regulation, an independent Joint Supervisory Body was responsible for external oversight of data protection at Eurojust. Documentation of the JSB can be found here.
Contact the DPO at:
Data Protection Officer, Eurojust
P.O. Box 16183, 2500 BD The Hague, Netherlands