The present work addresses an innovative legal analysis on the treatment and protection of personal data about asylum and subsidiary protection seekers in the comprehensive reform of the Common European Asylum System (CEAS). This reform, among other countless aspects, has increased the effective EU Information Management as the key to protect external borders, improve the management of migration flows and contribute to the enhancement of internal security. The applicable data protection legislation is significantly fragmented, complex and diffuse since, despite the GDPR excludes from its scope asylum-related activities, border control, and immigration is directly defined in the proposed Dublin IV, Procedures and Eurodac regulations. At the same time, the persistent linkages to the security of Member States can reflect the potential application of the Data Protection Directive on Police Matters. In addition, the interoperability of different information systems, the deployment of specific bodies (such as Frontex or EASO) as well as law enforcement authorities are bound directly by their own regulations. Consequently, this fragmented and particularly complex legal framework constitutes the subject of the study.