Journal №1-2 (2025)
From a Data Protection Authority to a Data Controller ― Experiences within Eurostat
∘ Endre Győző Szabó ∘

Moving from a supervisory role to advising a data controller involves a shift in responsibility and perspective. When advising a data controller, further to general knowledge, the legal experts need sector-specific knowledge to advice data controllers effectively. Networking with other experts is crucial to ensure that high level of expertise is available. Even if not expressly mandated, privacy professionals have a prominent role in building data protection culture in the given organization. This includes prominently raising awareness of data protection among staff members. Statistical confidentiality naturally aligns with data protection needs. Successful enforcement involves constructive collaboration with respondents and feasible solutions. The EU has introduced significant changes in the statistical framework in 2024 through the amendments to the Regulation on European statistics. In recent years, the emphasis shifted from survey data to administrative data and new technologies. Private data holders are obliged under the new framework to provide data for free to produce European statistics. National Statistical Institutes and Eurostat can access personal data under strict conditions when requesting privately held data. This general provision needs to be complemented with a sectoral legislative act, listing the categories of personal data that may be accessed. When accessing and processing personal data for statistical purposes, both GDPR and EU DPR continue to apply. The essay concludes that privacy professionals are integral to their organizations, contributing to mission success. They suggest optimal, lawful adjustments whenever necessary and foster a data protection culture. Ensuring compliance and trust-building is fundamental in producing official statistics.

See in detail: 

---