Protection of personal data at the General Secretariat of the Council

General Secretariat

The right to the protection of personal data is a fundamental right enshrined in the Treaties of the EU.

The Council of the EU and its General Secretariat strictly observe the personal data protection rules. The legal acts applicable to them are: 

Regulation 45/2001

The purpose of the regulation is to protect the freedoms and fundamental rights of individuals relating to the processing of personal data at EU institutions and bodies.

It determines the principles and obligations which the EU institutions must observe and fulfil when processing personal data. According to these principles, the EU institutions must ensure that personal data is:

  • processed only for clearly defined and legitimate purposes
  • accurate, adequate, relevant and not excessive
  • processed fairly and lawfully and in a secured manner
  • not kept longer than necessary
  • processed after having informed the individuals and respecting their rights
  • not transferred to third parties without adequate precautions.

It defines the obligations of the persons processing personal data (data controllers) and the rights of individuals whose personal data are processed (data subjects).

The regulation also provides for the appointment of a data protection officer (DPO) in each institution. 

Role of the data protection officer

The role of the DPO is to ensure in an independent manner the correct application of the data protection rules within their institution. They are also responsible for keeping a register of the personal data processing operations carried out by the institution. In addition, the DPO submits to the European Data Protection Supervisor those data processing operations which are likely to contain risks to the rights and freedoms of data subjects.

The regulation also provides for the appointment of the European Data Protection Supervisor (EDPS) at European level.

Council decision implementing regulation 45/2001

These are the rules applied by the Council of the European Union, which further develop the provisions of regulation 45/2001. They establish:

  • the status of the Council's Data Protection Officer
  • obligations of data controllers
  • procedures to be followed for the exercise of rights by data subjects
  • the procedure for investigations by the data protection officer

What is the Council's data protection register?

The register is kept by the Council's Data Protection Officer. It is a public register that can be consulted by anyone.

The register is a database that contains information about each type of personal data processing operation carried out by the Council or within the General Secretariat of the Council (GSC).

This information comprises the operation's purpose, the name of the controller, its legal basis, the data subject concerned, the recipients of the data, the type of processed data and for how long the data is stored. 

What personal data is processed at the General Secretariat of the Council?

Most of the personal data processed by the General Secretariat of the Council relates to its staff.

Personal data is also processed in relation to the activities of the Council. This data may relate to the delegates to the Council from EU member states or from third countries, to journalists and to individuals designated by Council acts.  

Other than these individuals, the personal data of citizens is for the most part only processed when they enter into contact with the General Secretariat of the Council, for example, if they request a document, are a visitor to the Council buildings or have entered a contract with the GSC. 

Video surveillance in the premises of the General Secretariat of the Council

For the safety and security of our staff, visitors, buildings, assets and information, and for logistical reasons, some parts of GSC premises are equipped with a video protection system.

GSC policy on the use of video systems describes the safeguards taken to protect the personal data, privacy and other fundamental rights and legitimate interests of individuals viewed by video protection cameras on GSC premises.

The policy fully complies with the requirements of the data protection regulation and with the European Data Protection Supervisor's video surveillance guidelines. 

Practical information about your data protection

How can you find out if the GSC is processing your personal data?

The Council's register of personal data processing operations will help you find what types of data processing operations may be applicable to you.

What are your rights as a data subject?

As a data subject you have the right to:

  • be informed of the existence of a data processing operation concerning you and its main characteristics
  • obtain communication of the data undergoing processing
  • obtain rectification from the controller without delay of any inaccurate or incomplete personal data

In certain circumstances you may ask the data controller to exercise your specific rights, such as the blocking or erasure of data.

Requests can be submitted using a form made available by the Council's Data Protection Officer. You can obtain the request form by email. Please indicate in which language you will need the form.

Send an email 

Section 5 of the Council decision implementing rules on data protection determines the procedure to be followed for the exercise of those rights.

You may also lodge a complaint with the European Data Protection Supervisor at any time. Further information is available on the EDPS website. 


Data controllers

If you need more information about a particular data processing operation, you should contact the data controller of the processing operation, with a copy to the Data Protection Officer.

The identity and contact details of each data controller are indicated in the register of data processing operations. 

Data Protection Officer

You may contact the Data Protection Officer for advice or for requests to investigate a particular matter or occurrence directly related to the data protection officer's tasks. Contact the data protection officer by email. Please indicate the language of your preference.

Data Protection Officer
General Secretariat of the Council
Rue de la Loi/Wetstraat 175
B-1048 Bruxelles/Brussel

Tel: + 32 22816111
Send an email

Video surveillance

You may use this form to make your request.

For access to your personal data collected as a result of video camera use on our premises, please address you request to:

Director of the Security Office 
Rue de la Loi/Wetstraat 175  
B-1048 Bruxelles/Brussel 

With a copy to:

Data Protection Officer 
Rue de la Loi/Wetstraat 175  
B-1048 Bruxelles/Brussel 

Please note: You must attach a recent good quality photograph of yourself as well as a copy of your identity card/passport to your request.