Pairing up Cybersecurity and Data Protection Efforts: EDPS and ENISA sign Memorandum of Understanding

Back to News

The European Data Protection Supervisor (EDPS) and the European Union Agency for Cybersecurity (ENISA) sign a Memorandum of Understanding (MoU) which establishes a strategic cooperation framework between them.

Both organisations agree to consider designing, developing and delivering capacity building, awareness-raising activities, as well as cooperating on policy related matters on topics of common interest, and contributing to similar activities organised by other EU institutions, bodies, offices and agencies (EUIBAs).

Wojciech Wiewiórowski, EDPS, said: “Today's MoU formalises the EDPS and ENISA's cooperation, which has been ongoing for several years. The document establishes strategic cooperation to address issues of common concern, such as cybersecurity as a way of protecting individuals’ personal data. Cybersecurity and data protection go hand in hand and are two essential allies for the protection of individuals and their rights. Privacy-enhancing technologies are a good example of this.”

Juhan Lepassaar, ENISA Executive Director, said:The Memorandum of Understanding between EDPS and ENISA will allow us to address cybersecurity and privacy challenges in a holistic manner and assist EUIBAs in improving their preparedness."

Read the Memorandum of Understanding

The MoU includes a strategic plan to promote the awareness of cyber hygiene, privacy and data protection amongst EUIBAs. The plan also aims to promote a joint approach to cybersecurity aspects of data protection, to adopt privacy-enhancing technologies, and to strengthen the capacities and skills of EUIBAs.

About the EDPS

The rules for data protection in the EU institutions, as well as the duties of the European Data Protection Supervisor (EDPS), are set out in Regulation (EU) 2018/1725.

The EDPS is the independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection. Our mission is also to raise awareness on risks and protect people’s rights and freedoms when their personal data is processed.

Wojciech Wiewiórowski (EDPS), was appointed by a joint decision of the European Parliament and the Council on to serve a five-year term, beginning on 6 December 2019.

The EDPS Strategy 2020-2024 explicitly identifies ENISA as an organisation that the EDPS wishes to collaborate for a reinforced common approach to cybersecurity and data protection.

Article 33 of Regulation (EU) 2018/1725 obliges controllers to manage the risks for individuals’ fundamental rights when their personal data is processed, and to ensure a level of security appropriate in light of the risks identified by putting in place appropriate technical and organisational measures. These measures should take into account, amongst others, state-of-the-art technologies.

Article 27 of Regulation (EU) 2018/1725 obliges controllers to adopt a data protection by design and by default approach. Controllers will need to put in place at the time of determining the means for processing and at the time of the processing itself effective technical and organisational measures to be embedded in the processing. This to ensure that, by default, only personal data that is necessary for each specific purpose of the processing is processed. This should be done using, amongst others, state- of- the- art technologies.

About ENISA

The European Union Agency for Cybersecurity, ENISA, is the Union's agency dedicated to achieving a high common level of cybersecurity across Europe. Established in 2004 and strengthened by the EU Cybersecurity Act, ENISA contributes to EU cyber policy, enhances the trustworthiness of ICT products, services and processes with cybersecurity certification schemes, cooperates with Member States and EU bodies, and helps Europe prepare for the cyber challenges of tomorrow. Through knowledge sharing, capacity building and awareness raising, the Agency works together with its key stakeholders to strengthen trust in the connected economy, to boost resilience of the Union’s infrastructure, and, ultimately, to keep Europe’s society and citizens digitally secure.

For ENISA press questions and interviews, please contact press (at) enisa.europa.eu

For EDPS press questions and interviews, please contact PresseEDPS (at) edps.europa.eu