A couple of weeks ago the European Data Protection Supervisor released the call for application CA6/2017 to hire a data and social scientist
The only reference to the processing of candidates’ personal data is a footnote at page 2 that verbatim reads:
All personal data from the application is processed in accordance with the EDPS Privacy Statement.
There is anything else in this document (purpose of processing, security measures, personal data communication and sharing realms and so on.)
According to a strict reading of the Data Protection and the GDPR, the data subject has not been given a proper information.
If I am right, who should investigate this lack of compliance?
If I am wrong, are data controller legally and safely allowed to use the very same approach of the European Data Protection Supervisor and provide short, one-sentence information to the data subject?