Data protection

The right to protection of personal data is a fundamental right foreseen in the Charter of Fundamental Rights of the European Union. All personal data collected by CEPOL are processed in accordance with the provisions of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.

Personal data shall only be processed for the performance of tasks carried out in the public interest on the basis of EU law or in the legitimate exercise of an official authority vested in the Agency. Alternatively, processing is lawful if it forms part of a legal or contractual obligation or when the individual concerned has given their unambiguous consent.

All processing operations of personal data shall be duly notified to the CEPOL Data Protection Officer and, if the case arises, to the European Data Protection Supervisor.

The Agency shall guarantee that the information collected is processed and/or accessed only by the members of its staff responsible of the corresponding processing operations.

As a general rule, anyone has the right to be informed about the processing of their personal data, while they will also have the right to access that information at any time and to rectify it when it is inaccurate or incomplete. Data subjects have the right to access and rectify their data on written request to be addressed to CEPOL.

Data subjects may at any time consult the CEPOL Data Protection Officer or have recourse to the European Data Protection Supervisor.

CEPOL's Privacy Statements and Policies:


Registry of data processing operations

In accordance with article 31 of Regulation (EU) 2018/1725 (EU-GDPR), the European Union Agency for Law Enforcement Training (CEPOL) maintains a central registry of record about its personal data processing activities.

The record is divided in two parts. The first part, so called “Record of data processing operations”, contains the following information:

  • Contact details of the controller, the data protection officer and, if applicable, the processor the co-controller(s) and the joint controller(s);
  • Purpose of processing;
  • Categories of data subjects and personal data;
  • Categories of recipients to whom the personal data have been or will be disclosed;
  • Transfer of personal data to third countries or international organisations and suitable safeguards, if applicable;
  • The envisaged time limits for erasure of the different categories of data;
  • Technical and organisational data protection security measures.

The second part of the record, “Compliance and risks checks”, provides the data subjects more information on how CEPOL is complying with the general principles set in the EU-GDPR (lawfulness, purpose definition, data minimisation, accuracy, storage limitation, transparency, access and others rights of data subjects, integrity and confidentiality).

This central registry shall be updated as and when necessary.

(latest version: June 2022)


Office address

European Union Agency for Law Enforcement Training
1066 Budapest
Ó utca 27

Correspondence address

European Union Agency for Law Enforcement Training
1903 Budapest

Email address

Telephone: +36 1 803 8030/8031

Fax: +36 1 803 8032