Bulgarian Commission for Personal Data Protection
- The legal grounds for personal data protection in the Republic of Bulgaria
- The legal position of the Bulgarian Commission for Personal Data Protection
- The legal rights of the Commission for Personal Data Protection
- Limitations of the Commission for Personal Data Protection
- Contact information
1. The legal grounds for Personal Data Protection in the Republic of Bulgaria
- Constitution of the Republic of Bulgaria (adopted on 13 July 1991)
- Convention for the Protection of Human rights and Fundamental freedoms (ratified on 31 July 1992)
- Personal Data Protection Act (came into force on 1st January 2002)
- Convention for the Protection of Individuals with regards to Automatic Processing of Personal Data (ETS No.108, ratified on 7 June 2002)
2. The legal position of the Bulgarian Commission for Personal Data Protection
The Bulgarian Commission for Personal Data Protection is an independent supervisory authority based in Sofia and subsidised by the national budget. It is a collegiate body, consisting of a Chairman and four members, elected by the Parliament for a period of five years with a possibility to be re-elected for 5 years more.
Members of the Commission may be only Bulgarian citizens who have:
The Chairman should be a trained lawyer who meets the above mentioned requirements.
- a university degree in law or in information sciences or a master's degree in information technologies;
- length of service of at least 10 years in their respective field;
- clean criminal record.
The sessions of the Commission are public, in certain cases it may decide to have sittings in camera. The Commission takes decisions by majority vote of all its members.
The decisions of the Commission on complaints may be appealed against at Court.
The Commission is supported by Administration divided into four departments: Finances and International Activities, Software and Hardware Department, Information Department and Legal Department. The total number of employees is 71.
Annually the Commission should submit an activity report to the Parliament and the Council of Ministers.
3. The legal rights of the Commission for Personal Data Protection
- analyses and exercises overall control on the compliance with the legislation in the field of personal data protection;
- keeps a register of Personal Data Controllers;
- inspects the Controllers' activities in connection with its powers under subparagraph 1;
- gives opinions and permissions in the cases covered by the Act;
- issues obligatory instructions to Controllers, related to the protection of personal data;
- upon advance notification imposes temporary suspension on personal data processing that breaches the personal data protection rules;
- reviews complaints against Controllers who have refused persons access to their personal data as well as other Controllers' or third parties' complaints in relation with their rights under the Act;
- participates in the drafting of legislation containing provisions on personal data protection.
4. Limitations of the Commission for Personal Data Protection
The Commission has competency to supervise both public and private sectors. It is a central administrative authority in the area of personal data protection.
The processing and the access to personal data for the purposes of defense, national security and public order as well as for the enforcing of criminal law by the executive power and the judiciary are subject to special Acts.
5. Contact information
Commission for Personal Data Protection
2, Prof. Tsvetan Lazarov blvd.