OLAF has designated, pursuant to Article 10(4) of Regulation (EU, Euratom) No 883/2013 and Article 24 of Regulation (EC) No 45/2001, a Data Protection Officer (DPO). The new Regulation (EU)2018/1725 defines the role of the DPO in Articles 43-45.
The DPO ensures in an independent manner that OLAF correctly applies the rules protecting individual's personal data.
What does the Data Protection Officer do?
The tasks of the DPO are set forth in Articles 44-45 of Regulation 2018/1725. Those tasks have been described in further detail by:
- the EDPS Position Paper on the role of Data Protection Officers of the EU institutions and bodies, issued on 31 September 2018;
- the Decision of the Director General of OLAF of July 2019, adopting implementing rules concerning the Data Protection Officer pursuant to Article 45(3) of Regulation 2018/1725;
- the "Professional standards for Data Protection Officers of the EU institutions and bodies working under Regulation (EC) 45/2001", adopted by the network of EU DPOs in October 2010, and endorsed by the European Data Protection Supervisor;
Whom can you contact regarding data protection issues?
The Data Protection Officer
You may contact the DPO if you have questions relating to the interpretation and the application of Regulation (EU) 2018/1725, the protection of your personal data by OLAF. You may requests the DPO to investigate a particular matter or occurrence directly related to the Data Protection Officer's duties.
Please contact the DPO in writing, by using one of the following means:
- by sending an e-mail to:
- by post:
European Commission - European Anti-Fraud Office
OLAF Data Protection Officer
The Data controller
To exercise your rights under Regulation (EU)2018/1725 (e.g. to have access to your data, to request rectification or erasure of your data), you should contact the controller in charge of your data processing.
You can get in touch with the controller using by sending an email to:
This e-mail address also appears on the privacy statement associated with each case of data processing and in the data protection register.