Internal security

Internal security incident investigations

SRB Data Protection General Notice informing on the possible restrictions in the area of internal security incident investigations

The purpose of the present processing operation is to send information on data subjects in the framework of conducting internal security incident investigations. It should also include assistance and cooperation provided by the SRB Security/Facilities to national authorities, Belgian Law forces, OLAF, the Commissions’ Investigation and Disciplinary Office (“IDOC”), the Emergency services and international organisations outside of its administrative investigations. Within this context, you have the rights of access, rectification, right to erasure, to restriction of processing, of notification in case of rectification, erasure or restriction of processing and right to data portability. A breach concerning your personal data shall be communicated to you under certain circumstances. The institution shall also ensure the confidentiality of electronic communications. Nevertheless, you should be informed that by virtue of Article 25 of Regulation No. 2018/1725 and of the Internal Rules laid down under Decision SRB/ES/2019/34, one or several of these rights may be restricted for a temporary period of time inter alia on the grounds of prevention, investigation, detection and prosecution of criminal offences or security incident investigations. Any such restriction will be limited in time, proportionate and respect the essence of the above-mentioned rights. It will be lifted as soon as the circumstances justifying the restriction are no longer applicable. You will receive a more specific data protection notice when this period has passed. As a general rule, you will be informed on the principal reasons for a restriction unless this information would cancel the effect of the restriction as such. You have the right to make a complaint to the EDPS concerning the scope of the restriction

Background

Regulation (EU) 2018/1725 establishes a number of new obligations in terms of data protection, including the adoption of internal rules by the European Institutions and bodies when they see the need for a restriction of any rights to data protection for specific purposes as stipulated in Art. 25(1) of Regulation (EU) 2018/1725.

This concerns in particular the need to facilitate and protect the conduct of certain investigations. The purpose of such investigations could be jeopardized, if individuals could exercise their data protection rights freely at any moment during these investigations. For instance, they could ask for access to all communications concerning their person, be it in the context of an eventual investigation. At the same time, it must be noted that any restrictions must be kept as narrow as possible in scope and as limited as possible in time.

With the general notice on the restriction of data subjects’ rights, individuals are informed about the possible restriction of some of their data protection rights