Sitemap

• The Institution
  • Commission
    • The Board
    • Authorities
    • History
  • Strategy of the Commission for Personal Data Protection for development in the area of personal data protection (Horizon 2022)
    • Mission and Vision
    • Strategy Horizon 2022
    • Action plan
  • Administration
    • Structure
    • Secretary General
    • Financial Controller
    • General administration
    • Specialized administration
  • Projects of the Commission for Personal Data Protection
    • Projects under Rights, Equality and Citizenship Programme 2014-2020
    • Projects under Erasmus+ Programme
    • Projects under „Prevention of and Fight Against Crime” Programme (ISEC) of the European Union
    • Projects under „Leonardo da Vinci” Programme
    • Projects under Operational Programme „Administrative Capacity”
• Legislation
  • EU Data Protection Legal Framework (applicable from May 2018)
    • General Data Protection Regulation (Regulation (EU) 2016/679)
    • Directive on Data Protection in Police and Criminal Justice Activities (Directive (EU) 2016/680)
  • National Legal Framework
    • Constitution of the Republic of Bulgaria
    • Personal Data Protection Act
    • Electronic Communications Act
    • Act on the Measures and Actions During the State of Emergency Declared with the Decision of the National Assembly of March 13th, 2020
    • Rules on the Activity of the Commission for Personal Data Protection and its Administration
    • Ordinance № 1 dated 30 January 2013 on the minimum level of technical and organizational measures and the admissible type of personal data protection – repealed as of 25 May 2018
  • Other International and European Acts
    • The universal declaration of human rights
    • Convention for the protection of human rights and fundamental freedoms
    • Convention 108 for the protection of individuals with regard to automatic processing of personal data
    • Charter of Fundamental Rights of the European Union
    • Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector
    • Directive (EU) 2016/681 on the Use of Passenger Name Record Data
    • Regulation (EU) 2019/788 on the citizens’ initiative
    • Commission Regulation (EU) 611/2013 on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC of the European Parliament and of the Council on privacy and electronic communications
    • Schengen Acquis
• Guidelines
  • European Data Protection Board
    • Guidelines of the European Data Protection Board
    • Guidelines of Article 29 Working Party on the application of the General Data Protection Regulation, accepted and approved by EDPB
    • Statement of the European Data Protection Board on the elections for European Parliament
    • Statement of the European Data Protection Board on the processing of personal data in the context of the COVID-19 outbreak
    • Frequently Asked Questions about the judgment of the Court of Justice of the European Union in the Schrems case
  • Personal data protection in the election process
    • Guidelines of the CEC and CPDP on the processing and protection of personal data in the election process
  • Council of Europe
    • Guidelines on Safeguarding Privacy in the Media
  • Data Protection Impact Assessment
    • List of processing operations requiring data protection impact assessment (DPIA) pursuant to Art. 35, paragraph 4 of Regulation (EU) 2016/679
    • Guidelines on Data Protection Impact Assessment and determining whether processing is „likely to result in a high risk”
• Practice
  • In this section practice of the CPDP is published.
    • Decisions and opinions on complaints, signals and other requests
    • Binding prescriptions
    • Information about the control activities
    • Decisions of the Supreme Administrative Court and Administrative Court, Sofia City on the acts of the Commission for Personal Data Protection
  • The section is supported only in Bulgarian.
  • In this section practice of the CPDP is published.
    • Decisions and opinions on complaints, signals and other requests
    • Binding prescriptions
    • Information about the control activities
    • Decisions of the Supreme Administrative Court and Administrative Court, Sofia City on the acts of the Commission for Personal Data Protection
• Contacts
• Useful information
  • Awareness-raising materials on the Regulation (EU) 2016/679 (General Data Protection Regulation)
    • Guidance on the new European data protection framework
    • Legal grounds for lawful personal data processing
    • GDPR and your rights. Data protection, a fundamental right for every EU data subject
    • Consent under the General Data Protection Regulation
    • „GDPR in Your Pocket” mobile app
    • Self-Assessment tool for small and medium enterprises to assess their compliance with the General Data Protection Regulation
  • Issues of high public interest
    • IMPORTANT! The obligation on data controllers to register in CPDP falls out
    • Who can make a copy of your ID card?
    • The video surveillance
    • Your personal data and the internet – advices for children
    • Your personal data and the internet – advices for parents
    • Information on the implementation of Regulation (EU) 211/2011 of the European Parliament and of the Council on the Citizens’ initiative
    • Exercising the right of access to personal data by receiving copies of documents, containing other personal data
  • Privacy protection in the workplace
    • Guide for employees working in the EU
  • Data transfers
    • Commission’s Decisions on the adequate level of personal data protection
    • Commission’s Decisions on standard contractual clauses for the transfer of personal data to third countries
    • EU-U.S. Privacy Shield
  • Innovations
    • ISO/IEC 27018:2014 – a voluntary international code of practice governing the processing of personal information by cloud service providers
• Data Protection Officer
• Submission of notifications
• Complaints
• International Cooperation
  • European Data Protection Board (EDPB)
  • Article 29 Data Protection Working Party set up under Directive 95/46/EC - closed with the establishment of the European Data Protection Board
  • European Data Protection Supervisor (EDPS)
  • Joint Supervisory Bodies and Working Parties to the EU Council
    • Joint Supervisory Body of Europol
    • Schengen Joint Supervisory Authority
    • Customs Joint Supervisory Authority
    • Working Party on Police and Justice
  • Data Protection Groups to the European Data Protection Supervisor
    • Eurodac Supervision Coordination Group
  • Participation in International Organizations and Forа
    • International Conference of Data Protection and Privacy Commissioners
    • International Working Group on Data Protection in Telecommunications
  • Terrorist Finance Tracking Program
    • Basic information
    • Agreement between the European Union and the United States of America
    • Procedure for application for access to and/or rectification, erasure or blocking of personal data held pursuant to the U.S. Terrorist Finance Tracking Program (TFTP)
• Schengen Area
  • Legal framework
    • Council Decision (EU) 2018/934 on the putting into effect of the remaining provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Bulgaria and Romania
    • Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data
    • Schengen acquis
    • Convention for Implementing the Schengen Agreement
    • Regulation (EU) 2016/399 on a Schengen Borders Code
    • Regulation (EC) № 1987/2006 on the establishment, operation and use of the second generation Schengen Information System (SIS II)
    • Council Decision 2007/533/JHA on the establishment, operation and use of the second generation Schengen Information System (SIS II)
    • Council Decision relating to the Schengen Information System in the Republic of Bulgaria and Romania
  • Data protection in the Schengen area. Your rights
    • What is the Schengen area?
    • What type of data contains the Schengen Information System (SIS II)?
    • National Schengen Information System (N.SIS II)
    • Authorities responsible for entering, updating and deleting SIS II national alerts
    • Access to the Schengen Information System II
    • N.SIS II retention period of alerts
    • Supervision and control on operation and data processing in N.SIS II
    • Identity misuse
    • Rights of individuals
    • Guide for exercising the right of access to the Schengen Information System (SIS II)
    • Model Letters for Requesting Information from SIS II
  • Personal data protection according to the Bulgarian Law for Protection of Personal Data
    • Principles of lawful processing of personal data
    • Rights of individuals
    • Protection of the rights of individuals
  • Visa Information System
    • National Visa Information System
    • Monitoring of the data processing in NVIS
    • Rights of individuals
  • Additional information
    • International cooperation
    • The Police Cooperation Convention for Southeast Europe
    • Usefull links
    • Information brochures
• Links
• Sitemap
• Privacy notice
• Annual Reports
  • Annual report of the CPDP for 2018
    • Annual report of the Commission for Personal Data Protection for 2018
  • Annual report of the CPDP for 2017
    • Annual report of the Commission for Personal Data Protection for 2017
  • Annual report of the CPDP for 2016
    • Annual report of the Commission for Personal Data Protection for 2016
  • Annual report of the CPDP for 2015
    • Annual report of the Commission for Personal Data Protection for 2015
  • Annual report of the CPDP for 2014
    • Annual report of the Commission for Personal Data Protection for 2014
  • Annual report of the CPDP for 2013
    • Annual report of the Commission for Personal Data Protection for 2013
  • Annual report of the CPDP for 2012
    • Annual report of the Commission for Personal Data Protection for 2012
  • Annual report of the CPDP for 2011
    • Annual report of the Commission for Personal Data Protection for 2011
  • Annual report of the CPDP for 2010
    • Annual report of the Commission for Personal Data Protection for 2010
  • Annual report of the CPDP for 2009
    • Annual report of the Commission for Personal Data Protection for 2009
  • Annual report of the CPDP for 2008
    • Annual report of the Commission for Personal Data Protection for 2008
  • Annual report of the CPDP for 2007
    • Annual report of the Commission for Personal Data Protection for 2007
  • Annual report of the CPDP for 2006
    • Annual report of the Commission for Personal Data Protection for 2006
• Information Bulletin
  • The Commission for Personal Data Protection issues an Information bulletin which contains information about the activities of the Commission as well as for data protection internationally.
  • The Information bulletin is issued every two months and provides information for the expired period.
  • The Information bulletin is issued only in Bulgarian.
• News
• Buyer’s Profile
  • In this section information on the Public Procurement Act is published.
  • The section is supported only in Bulgarian.
• Conference SMEData 2019
• Conference ICDPPC 2018
• Conference 2015
• Photo gallery
• Administrative service
  • This section provides information on the administrative services provided by the CPDP and the access to public information.
  • The section is supported only in Bulgarian.
• Ordinance № 1 dated 30 January 2013 – repealed as of 25.05.2018

print