Activities of Cecilia WIKSTRÖM related to 2017/0145(COD)
Shadow reports (1)
REPORT on the proposal for a regulation of the European Parliament and of the Council on the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, and amending Regulation (EC) 1987/2006 and Council Decision 2007/533/JHA and repealing Regulation (EU) 1077/2011 PDF (995 KB) DOC (153 KB)
Amendments (7)
Amendment 70 #
Proposal for a regulation
Recital 23
Recital 23
(23) The Member States and the Commission should be represented on a Management Board, in order to control the functions of the Agency effectively. The Management Board should be entrusted with the necessary functions, in particular to adopt the annual work programme, carry out its functions relating to the Agency’s budget, adopt the financial rules applicable to the Agency, appoint an Executive Director and establish procedures for taking decisions relating to the operational tasks of the Agency by the Executive Director. The Management Board should carry out these tasks in an efficient and transparent way. The Agency should be governed and operated taking into account the principles of the Common approach on Union decentralised agencies adopted on 19 July 2012 by the European Parliament, the Council and the Commission.
Amendment 89 #
Proposal for a regulation
Article 2 – paragraph 1 – point f
Article 2 – paragraph 1 – point f
(f) a high level of data protection, in accordance with the applicable ruledata protection acquis, including specific provisions for each large-scale IT system;
Amendment 91 #
Proposal for a regulation
Article 2 – paragraph 1 – point g
Article 2 – paragraph 1 – point g
(g) an appropriate level of data and physical security, through the implementation of a proper Information Security Risk Management Process (ISRM) and in accordance with the applicable rules, including specific provisions for each large-scale IT system.
Amendment 95 #
Proposal for a regulation
Article 7 – paragraph 3
Article 7 – paragraph 3
3. Appropriate measures including security plansthe implementation of a proper Information Security Management System (ISMS) shall be adopted by the Agency inter alia, to prevent the unauthorised reading, copying, modification or deletion of personal data during transfers of personal data or transport of data media, in particular by means of appropriate encryption techniques. All system-related operational information circulating in the communication infrastructure shall be encrypted.
Amendment 133 #
Proposal for a regulation
Article 15 – paragraph 1 – point y
Article 15 – paragraph 1 – point y
(y) adopt the necessary security measures, including a security planproper Information Security Risk Management Process (ISRM) and a business continuity and disaster recovery plan, taking into account the possible recommendations of the security experts present in the Advisory Groups;
Amendment 145 #
Proposal for a regulation
Article 21 – paragraph 3 – point r
Article 21 – paragraph 3 – point r
(r) preparing the necessary security measures including a security planproper Information Security Risk Management Process (ISRM), and a business continuity and disaster recovery plan and submitting them to the Management Board for adoption;
Amendment 164 #
Proposal for a regulation
Article 32 – paragraph 2
Article 32 – paragraph 2
2. Where the Agency processes personal data for the purpose referred to paragraph 1(a), the specific provisions concerning data protection and data security of the respective legislative instruments governing the development, establishment, operation and use of the large-scale IT systems managed by the Agency shall apply. In any case, pursuant to Regulation (EC) No 45/2001, every data subject shall have the right to lodge a complaint with the European Data Protection Supervisor and have the right to a remedy before the Court of Justice of the European Union, including the right to receive compensation from the Agency, if the data subject considers that the processing of personal data relating to him or her infringes those specific provisions.