The European Commission processes personal data in the context of its competition investigations and enforcement activities in accordance with Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC.
Regulation (EU) 2018/1725 is the legal basis for the processing of personal data by the EU institutions, which brings the legal regime applicable to EU institutions into line with the General Data Protection Regulation applicable in the Member States (GDPR - Regulation (EU) 2016/679).
Interaction with the GDPR
The European Data Protection Supervisor (EDPS) has provided clarifications relating to the implications of GDPR on investigative activities of EU institutions, including competition.
Commission Decision (EU) 2018/1927 of 5 December 2018 laying down internal rules concerning the processing of personal data by the European Commission in the field of competition in relation to the provision of information to data subjects and the restriction of certain rights. This decision ensures the balance between the rights of the data subjects and the efficiency of competition investigations.
Data protection notices
In accordance with Regulation (EU) 2018/1725, DG Competition provides the information on the processing of personal data through data protection notices explaining, for each policy area, the reason for the processing, the way data are collected, handled and protected, how that information is used and what rights you may exercise in relation to your data:
Privacy statement relating to Antitrust investigations
Privacy statement relating to Merger investigations
Privacy statement relating to State aid investigations
Privacy statement relating to the application of the Digital Markets Act
Here you can find further information about the processing operations in the public register of records accessible to any interested person.
The public register is kept by the Data Protection Officer (DPO).
- The contact details of the DPO: firstname.lastname@example.org
- EDPS - European Data Protection Supervisor