Concerning protection of personal data, related to the Case T-881/16, the administration is responsible for data breaches.

The General Court has rendered an interesting judgement regarding the private data protection of EU staff.

The Court underlined that any data breach allowing non qualified staff to have access to the personal file of a staff member renders the administration liable to pay moral compensation.

The mere fact of not having adequately protected the personal file of a staff member is by definition an illegal act. The apologies by the head of administration are not sufficient to repair the damage caused. The administration can also not hide behind technical difficulties or human errors.

A clear warning for our administrations: personal data protection is being enforced, also inside the EU institutions and bodies.

Reminder, as a public service worker you have the right to :

  • information about the processing of your personal data;
  • obtain access to the personal data held about you;
  • ask for incorrect, inaccurate or incomplete personal data to be corrected;
  • request that personal data be erased when it’s no longer needed or if processing it is unlawful;
  • object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation;
  • request the restriction of the processing of your personal data in specific cases;
  • receive your personal data in a machine-readable format and send it to another controller (‘data portability’);
  • request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision.