PUBLIC ADMINISTRATIVE ESTABLISHMENT (EPA) and the GDPR

A public administrative institution (EPA) is a legal structure that has financial and administrative autonomy to carry out public service missions defined by law. EPAs are placed under the supervision of a public body (the State, a local authority, a public institution, etc.).

EPAs can have different purposes such as the management of schools, hospitals, museums, libraries, public water services, etc. EPA can be created by law or decree and can have their own budget. EPAs have specific operating rules which are defined by their status.

A public administrative establishment (EPA) may be required to process different categories of personal data depending on its missions and activities. In general, this data is collected for the proper functioning of the EPA and for the performance of its public service missions. Here are some examples of personal data that may be processed by a EPA :

• Identity data: name, first name, address, telephone number, email address, etc.
• Administrative management data: tax data, payroll data, career management data, etc.
• Data related to security and safety: video surveillance data, access control data, etc.
• Health-related data: medical data in the context of occupational medicine or occupational risk management, for example.
• Environmental data: air quality, water quality, noise measurement data, etc.
• Data related to EPA activity: activity monitoring data, statistical data, etc.

It should be noted that EPAs are subject to the same obligations as other organizations regarding the protection of personal data and must therefore respect the principles of the Data Protection Act and the General Data Protection Regulation (GDPR) regarding the collection, processing and storage of this data.