Sitemap

• The Institution
  • Commission
    • The Board
    • Authorities
    • History
  • Strategy of the Commission for Personal Data Protection for development in the area of personal data protection (Horizon 2022)
    • Mission and Vision
    • Strategy Horizon 2022
    • Action plan
  • Administration
    • Structure
    • Secretary General
    • Financial Controller
    • General administration
    • Specialized administration
  • CPDP's Annual Reports
  • Projects of the Commission for Personal Data Protection
    • Projects under Rights, Equality and Citizenship Programme 2014-2020
    • Projects under Erasmus+ Programme
    • Projects under „Prevention of and Fight Against Crime” Programme (ISEC) of the European Union
    • Projects under „Leonardo da Vinci” Programme
    • Projects under Operational Programme „Administrative Capacity”
• Legislation
  • EU Data Protection Legal Framework (applicable from May 2018)
    • General Data Protection Regulation (Regulation (EU) 2016/679)
    • Directive on Data Protection in Police and Criminal Justice Activities (Directive (EU) 2016/680)
  • National Legal Framework
    • Constitution of the Republic of Bulgaria
    • Personal Data Protection Act
    • Act on Protection of Persons, Reporting Information, or Publicly Disclosing Information about Breaches (Whistleblowers Protection Act)
    • Rules on the Activity of the Commission for Personal Data Protection and its Administration
    • Ordinance № 1 dated 30 January 2013 on the minimum level of technical and organizational measures and the admissible type of personal data protection – repealed as of 25 May 2018
  • Other International and European Acts
    • The universal declaration of human rights
    • Convention for the protection of human rights and fundamental freedoms
    • Convention 108 for the protection of individuals with regard to automatic processing of personal data
    • Charter of Fundamental Rights of the European Union
    • Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector
    • Regulation (EU) 2021/1232 14 July 2021 on a temporary derogation from certain provisions of Directive 2002/58/EC
    • Directive (EU) 2016/681 on the Use of Passenger Name Record Data
    • Regulation (EU) 2019/788 on the citizens’ initiative
    • Commission Regulation (EU) 611/2013 on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC of the European Parliament and of the Council on privacy and electronic communications
    • Regulation (EU) 2022/868 (Data Governance Act)
    • Regulation (EU) 2022/1925 (Digital Markets Act)
    • Regulation (EU) 2022/2065 (Digital Services Act)
    • Schengen Acquis
• Guidelines
  • European Data Protection Board
    • Guidelines of the European Data Protection Board
    • Guidelines of Article 29 Working Party on the application of the General Data Protection Regulation, accepted and approved by EDPB
    • Frequently Asked Questions about the judgment of the Court of Justice of the European Union in the Schrems case
  • Personal data protection in the election process
    • Guidelines of the CEC and CPDP on the processing and protection of personal data in the election process
  • Council of Europe
    • Guidelines on Safeguarding Privacy in the Media
  • Data Protection Impact Assessment
    • List of processing operations requiring data protection impact assessment (DPIA) pursuant to Art. 35, paragraph 4 of Regulation (EU) 2016/679
    • Guidelines on Data Protection Impact Assessment and determining whether processing is „likely to result in a high risk”
• Practice
  • In this section practice of the CPDP is published.
    • Decisions and opinions on complaints, signals and other requests
    • Binding prescriptions
    • Information about the control activities
    • Decisions of the Supreme Administrative Court and Administrative Court, Sofia City on the acts of the Commission for Personal Data Protection
  • The section is supported only in Bulgarian.
• Contacts
• Lodging complaints and alerts
• Submission of notifications
• Administrative service
  • This section provides information on the administrative services provided by the CPDP and the access to public information.
  • The section is supported only in Bulgarian.
• Public registers
• Data Protection Officer
• Useful information
  • Awareness-raising brochures of CPDP on the Regulation (EU) 2016/679 (GDPR)
    • Legal grounds for lawful personal data processing
    • Transfers of Personal Data to Third Countries
  • Awareness-raising materials on the Regulation (EU) 2016/679 (General Data Protection Regulation)
    • Guidance on the new European data protection framework
    • GDPR and your rights. Data protection, a fundamental right for every EU data subject - brochure issued by EDPB
    • Consent under the General Data Protection Regulation
    • „GDPR in Your Pocket” mobile app
    • Self-Assessment tool for small and medium enterprises to assess their compliance with the General Data Protection Regulation
    • Actions of data controllers in the event of a personal data breach
  • Issues of high public interest
    • IMPORTANT! The obligation on data controllers to register in CPDP falls out
    • Who can make a copy of your ID card?
    • Information on the implementation of Regulation (EU) 211/2011 of the European Parliament and of the Council on the Citizens’ initiative
    • Exercising the right of access to personal data by receiving copies of documents, containing other personal data
  • CPDP supervisory activity
    • Instruction for implementation of the CPDP supervisory activity
    • Annex № 1 to the Instruction for implementation of the CPDP supervisory activity. Methodology for determining the level of risk in case of breaches of personal data security.
    • Annex № 2 to the Instruction for implementation of the CPDP supervisory activity. Questionnaire for carrying out inspections during the implementation of the CPDP supervisory activity
  • Privacy protection in the workplace
    • Guide for employees working in the EU
  • Innovations
    • ISO/IEC 27018:2014 – a voluntary international code of practice governing the processing of personal information by cloud service providers
  • Interactive resources
    • Informative videos „Privacy in the Digital World”
    • Information video "10 tips to protect yourself online"
• International Cooperation
  • European Union cooperation
    • European Data Protection Board
    • Coordinated Supervision Committee
    • European Data Protection Supervisor
    • Joint Supervisory Body of Europol
    • Schengen Information System II Supervision Coordination Group
    • Eurodac Supervision Coordination Group
    • Customs Information System Supervision Coordination Group
    • Visa Information System Supervision Coordination Group
  • Cooperation with international organizations
    • Council of Europe
    • Organisation for Economic Co-operation and Development
    • Global Privacy Assembly
    • International Working Group on Data Protection in Telecommunications
  • Cooperation on international projects
    • Projects under Rights, Equality and Citizenship Programme 2014 - 2020
    • Projects under Erasmus + Programme
• Data transfers to third countries
  • Data transfers to third countries and international organizations in accordance with Regulation (EU) 2016/679
    • The Terrorist Finance Tracking Programme
    • Arrangements for the processing and transfer of passenger name records (PNR)
    • Commission’s Decisions on the adequate level of personal data protection
    • Commission’s Decisions on Standard Contractual Clauses for the transfer of personal data to third countries
    • Data processing and transfer using Binding Corporate Rules
    • Other possibilities for data transfer laid down in art. 46 and art. 49 of GDPR
    • Frequently Asked Questions about the judgment of the Court of Justice of the European Union in the Schrems case
    • Guidelines and Recommendations of the EDPB
  • CPDP Information brochure „Transfers of Personal Data to Third Countries”
  • Data transfers in accordance with Convention 108 of the Council of Europe
    • General provisions
    • Specific tools
    • Documents relating to data transfers under Convention 108 adopted by the Council of Europe
• Schengen Area
  • Rights of individuals and data protection
    • Rights of individuals whose data is processed in the SIS II
    • Data in the SIS II and retention periods
    • Control upon data processing and functioning of N.SIS
    • Authorities responsible for entering, updating and deleting SIS II national alerts
    • Access to SIS II data
    • Guide for exercising the right of access to the SIS II
    • Rights of individuals in the National Visa Information System
    • Model Letters for Requesting Information from SIS II
  • Additional information
    • What is the Schengen area?
    • National Schengen Information System (N.SIS II)
    • National Visa Information System
  • Schengen related Information materials
    • Commission for Personal Data Protection Information brochures
    • European Commission Information brochures
    • Information brochures of the Council of the European Union
  • Contacts with authorities responsible for entering, updating and deleting national alerts in SIS II and other large-scale EU information systems
  • Legislation
  • Frequently asked questions
• Links
• Sitemap
• CJEU Jurisprudence
• Privacy notice
• News
• Conferences
• Photo gallery
• Adopted forms under Whistleblowers Protection Act
  • Form for registering a report under Whistleblowers Protection Act
  • Model of the Register of reports under Art. 18, para. 2 of Whistleblowers Protection Act

print