The IMI system has been developed since its inception by applying ‘privacy from design’ principles that ensure proper processing of personal data and overall security. Endorsing that suitability, in 2018 the IMI election by the European supervisor and the data protection agencies of the EEMM have chosen IMI as a tool for the cooperation between them required in the general data protection regulation.

The documents and links below provide information both to citizens (whose data is processed in the system) and to users of the system itself (whose data is necessarily recorded in IMI), regarding data protection.

• Summary of the Data Protection Guidelines synthesising the most important aspects that the authorities take into account when using the system
• Guidelines on data protection for IMI users

According to indications from the Spanish Data Protection Agency (AEPD) they should be added to point 5 of these guidelines ('What information should I provide to the interested parties?') in its second paragraph the following two points:

Establish procedures for the exercise of the aforementioned rights.

To inform the national coordinators of the IMI of the exceptions or limitations to the exercise of these rights in accordance with Organic Law 15/1999 of 13 December, on the Protection of Personal Data and its normal development.

• If you wish, you can consult the questionnaires (repertoires of questions) currently available for use by IMI authorities.
• Declaration of confidentiality which explains what the European Commission does to ensure the protection of personal data in the part of the system for which it is responsible.
• Decision 2017/46 of the Commission of 10 January 2017 on the security of the European Commission's information and communication systems