The European Commission is not GDPR compliant even though it was responsible for the new GDPR law

The European Commission has insisted it is not subject to the strict new data protection law that it has imposed across Europe after it was revealed the personal information of hundreds of people had been leaked on its website.

If another company had suffered such a leak of personal details it would constitute a breach of the General Data Protection Regulation (GDPR).

Its “embarrassing” data breach comes after companies rushed to meet the May 25 deadline which saw the EU’s new GDPR law come into force.

Legal reasons

According to the Daily Telegraph, a spokesman for the European Commission said that European institutions were “separate” from GDPR for “legal reasons”. Instead, it would be subject to a new law that “mirrors” GDPR which will come into effect in the autumn.

The leak includes more than 700 records including names, addresses and professions.

As well as this, in some cases, the postcodes and addresses of British citizens can be found by searching the official EU website using Google.

They are among thousands of Excel spreadsheets that are easily accessible online and were uploaded from 2013 by officials in European Commission departments to their website Europa.eu.

Irony

Jon Baines, a data protection expert at law firm Mishcon de Reya, highlighted the “irony” of the EU’s admission. He said that the breach raises “questions about the general level of compliance and whether any further inadvertent disclosures have been made.”

Last week GDPR, which is a new EU law that restricts how companies use and store the personal data of Europeans, came into force.

However, many smaller businesses and entities complained about the bureaucracy this entailed as they struggled to meet the deadline or face fines of up to £17.5m or 4% of global turnover – whichever is highest.

Embarrassing

Steve Gailey, security expert at Exabeam, which offers database security products, said that the EU’s leak was “embarrassing” coming so soon after the introduction of GDPR.

Within hours of the new law coming into force, some websites went offline and there were accusations that Facebook and Google had already breached GDPR.

The Information Commissioner’s Office, which enforces GDPR in the UK, was also offline briefly owing to high traffic to its site.