CEB Data Protection Regulations

What the Regulations provide

The CEB Data Protection Regulations establish a comprehensive and binding framework governing the processing of personal data by the Bank or on its behalf. They:

• define clear principles for lawful, fair and transparent processing of personal data
• ensure respect for the rights of data subjects, including rights of access, rectification, erasure and objection
• set out strict requirements for data security, confidentiality and breach notification
• regulate transfers of personal data outside the Bank, subject to equivalent levels of protection
• provide effective remedies and safeguards in case of non-compliance.

The Regulations are closely modelled on the Council of Europe’s Modernised Convention for the Protection of Individuals with regard to the Processing of Personal Data (Convention 108+), reinforcing the CEB’s role within the Council of Europe family.

Governance and independent oversight

The CEB’s data protection framework is supported by strong and independent oversight mechanisms:

• the Data Protection Officer (DPO) advises data controllers and data subjects, promotes awareness, and monitors the application of the Regulations within the Bank; and
• the Data Protection Commissioner (DPC) acts as an independent supervisory authority, with powers to examine complaints, conduct inquiries and order remedial action.

The Data Protection Commissioner issues annual public reports on the application of the Regulations, ensuring transparency and accountability.

Read the Data Protection Commissioner’s Annual Reports (PDFs):

• Data Protection Commissioner report 2025
• Data Protection Commissioner report 2024
• Data Protection Commissioner report 2023

Contacts:

• Data Protection Commissioner: Mr. Billy Hawkes, DPC@coebank.org
• Data Protection Officer: DPO@coebank.org