Guidelines on the protection of personal data in IT governance and IT management of EU institutions

The purpose of these Guidelines is to give EU institutions practical advice on the processing of personal data through the entire lifecycle of an information system in order to ensure compliance with data controllers' legal responsibilities. Nevertheless, EU institutions remain accountable for the adequate processing of personal data according to data protection requirements.

Source: edps.europa.eu