Skip to content Skip to sidebar Skip to footer
    Open chat icon
    EU legislation (important), EU legislation (general)

    [:uk]Commission Implementing Regulation (EU) 2024/2639 of 9 October 2024 laying down rules for the application of Regulation (EU) 2023/988 of the European Parliament and of the Council as regards the roles and tasks of the single national contact points of the Safety Gate Rapid Alert System[:]

    October 10, 2024 0

    [:uk]




    Commission Implementing Regulation (EU) 2024/2639 Overview

    Commission Implementing Regulation (EU) 2024/2639 Overview

    Purpose and Scope

    Commission Implementing Regulation (EU) 2024/2639 establishes detailed rules for the application of Regulation (EU) 2023/988 concerning the roles and tasks of single national contact points within the Safety Gate Rapid Alert System. This regulation ensures the efficient exchange of information regarding corrective measures for dangerous products within the European Union and European Economic Area.

    Main Provisions

    Article 1: Roles and Tasks of Safety Gate Contact Points

    This article delineates the specific responsibilities assigned to each national contact point for the Safety Gate Rapid Alert System, referred to as ‘Safety Gate contact points’. Key tasks include:

    • Verification and Validation: Ensuring the completeness of notifications from national authorities before transmitting them to the Commission.
    • Duplication Check: Assessing whether a product has already been notified to avoid duplicate entries, and submitting follow-up notifications if necessary.
    • Information Dissemination: Ensuring that validated notifications from other Member States reach relevant national authorities for appropriate national follow-up.
    • Promotion of Tools: Advocating the use of the Product Safety eSurveillance Webcrawler and similar tools to enhance market surveillance.
    • Training and Assistance: Providing training and support to national authorities in utilizing the Rapid Alert System effectively.
    • Operational Facilitation: Ensuring that all tasks related to the Rapid Alert System are performed efficiently, including compliance with notification requirements and risk assessment criteria.
    • Collaboration: Facilitating cooperation and information exchange with other national contact points and participating in coordinated discussions.
    • Technical Issue Reporting: Promptly informing the Commission of any technical problems affecting the Rapid Alert System.
    • Access Management: Managing access requests to the system and notifying the Commission of any staffing changes that affect access rights.
    • Stakeholder Communication: Responding to operational inquiries from stakeholders, including economic operators and online marketplace providers.
    • Supplementary Information Liaison: Coordinating with authorities to obtain additional information for notifications that may affect businesses adversely due to incomplete data.

    Article 2: Joint Controllership Roles

    This article assigns joint controllership responsibilities to the Commission and national authorities for processing data within the Safety Gate Rapid Alert System. The roles and responsibilities are further detailed in the Annex, specifying the handling of personal data, security measures, and cooperation protocols.

    Article 3: Entry into Force

    The regulation becomes effective on the twentieth day following its publication in the Official Journal of the European Union and applies from 13 December 2024. It is binding and directly applicable in all Member States.

    Annex: Joint Controllership of the Safety Gate Rapid Alert System

    1. Subject Matter and Description of the Processing

    The Annex outlines the operational framework of the Safety Gate Rapid Alert System, a notification system managed by the Commission for rapid information exchange about corrective measures for dangerous products within the EU/EEA market. It encompasses both measures mandated by authorities and voluntary actions by economic operators.

    2. Scope of Joint Controllership

    The Commission and national authorities act as joint controllers, responsible for processing personal data related to product safety notifications. Specific processing activities assigned to the Commission include handling information about measures against dangerous products and transmitting data to national contact points. National authorities are responsible for processing information related to product safety notifications and follow-up actions.

    3. Responsibilities, Roles, and Relationship with Data Subjects

    3.1. Categories of Data Subjects and Personal Data

    The system processes personal data of:

    • Safety Gate Rapid Alert System Users: Including names, contact details, and preferred languages.
    • Authors and Validators: Including contact information of personnel involved in submitting and validating notifications.
    • Economic Operators: Contact details necessary for tracing dangerous products, such as names, addresses, and contact information.

    3.2. Provision of Information to Data Subjects

    The Commission and national authorities must provide clear and accessible information to data subjects about their rights and the handling of their personal data. This includes privacy statements and transparent communication regarding data processing activities.

    3.3. Handling of Data Subjects’ Requests

    Data subjects can exercise their rights under relevant data protection regulations against either the Commission or national authorities. Joint controllers must cooperate to handle requests efficiently, ensuring that requests are forwarded to the appropriate controller and that data subjects receive timely responses.

    4. Other Responsibilities and Roles of Joint Controllers

    4.1. Security of Processing

    Both the Commission and national authorities must implement technical and organizational measures to secure personal data, protecting against unauthorized access, loss, or disclosure.

    4.2. Management of Security Incidents

    Joint controllers are required to promptly address and report any security incidents or data breaches, including assessing risks to data subjects and notifying relevant supervisory authorities and affected individuals when necessary.

    4.3. Localisation of Personal Data

    Personal data must be processed within the EU/EEA territory unless specific conditions for data transfer outside the region are met, ensuring compliance with data protection laws.

    4.4. Recipients of Personal Data

    Access to personal data is restricted to authorized personnel involved in the system’s administration and operation, governed by strict access controls and confidentiality agreements.

    5. Specific Responsibilities of Joint Controllers

    The Annex specifies distinct duties for the Commission and national authorities, including decision-making on data processing operations, maintaining records, facilitating data subject rights, ensuring data protection by design, assessing data transfer legality, and cooperating with supervisory authorities.

    6. Duration of Processing

    Personal data must not be retained longer than necessary. Specific retention periods are established for different data categories, such as:

    • Users’ contact details are retained only while they are active users.
    • Inspector contact details are kept for five years post-notification.
    • Other personal data related to dangerous products are retained for up to 30 years.

    Data subjects’ legitimate requests for data blocking, adjustment, or erasure must be addressed within one month.

    7. Liability for Non-Compliance

    The Commission and Member States’ authorities are liable for non-compliance with data protection regulations as outlined in their respective regulatory frameworks.

    8. Cooperation Between Joint Controllers

    Joint controllers must provide swift and efficient assistance to each other in fulfilling regulatory obligations, ensuring compliance with data protection laws.

    9. Settlement of Disputes

    Disputes between joint controllers regarding the interpretation or application of the regulation should be resolved amicably through consultation. If unresolved, mediation or judicial proceedings may be pursued as per the outlined procedures.

    10. Contact Points for Cooperation

    Each joint controller must nominate a single contact point for queries and information exchange. A comprehensive list of these contact points is made available on the Safety Gate Portal, facilitating seamless cooperation and coordination.


    [:]

    You May Also Like

    View All
    November 8, 2024
    Regulation (EU) 2024/2748 of the European Parliament and of the Council of 9 October 2024 amending Regulations (EU) No 305/2011, (EU) 2016/424, (EU) 2016/425, (EU) 2016/426, (EU) 2023/988 and (EU) 2023/1230 as regards emergency procedures for the conformity assessment, presumption of conformity, adoption of common specifications and market surveillance due to an internal market emergency (Text with EEA relevance)
    November 19, 2024
    Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products and repealing Council Directive 85/374/EEC (Text with EEA relevance)
    E-mail
    Password
    Confirm Password