The GDPR provides six (6) grounds for processing personal data, referred to as Lawfulness of Processing.. [GDPR Article 6, paragraph (1)]. They include Consent [GDPR Article 6, paragraph (1a)], Performance of a Contract [GDPR Article 6, paragraph (1b)], Compliance with a Legal Obligation [GDPR Article 6, paragraph (1c)], to Protect the Vital Interests of the Individual [GDPR Article 6, paragraph (1)d], to Carry Out a Task for Public Interest [GDPR Article 6, paragraph (1e)], and for the Purposes of Legitimate interests [GDPR Article 6, paragraph (1f)]. Processing shall be lawful only if and to the extent that at least one of the these applies.
GDPRtoons is a collection of informative and thought-inspiring cartoons focused on the pending General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) that will be enforced in May of 2018. The GDPR European Union laws will drastically change HOW-WHEN-WHY-WHERE personal data is collected and stored for 750 million people in 28 EU countries and 3 EEA countries. *** Link to PDF of GDPR
Tuesday, August 29, 2017
GDPR provides six (6) grounds for processing personal data
The GDPR provides six (6) grounds for processing personal data, referred to as Lawfulness of Processing.. [GDPR Article 6, paragraph (1)]. They include Consent [GDPR Article 6, paragraph (1a)], Performance of a Contract [GDPR Article 6, paragraph (1b)], Compliance with a Legal Obligation [GDPR Article 6, paragraph (1c)], to Protect the Vital Interests of the Individual [GDPR Article 6, paragraph (1)d], to Carry Out a Task for Public Interest [GDPR Article 6, paragraph (1e)], and for the Purposes of Legitimate interests [GDPR Article 6, paragraph (1f)]. Processing shall be lawful only if and to the extent that at least one of the these applies.
Tuesday, August 1, 2017
GDPR and Legitimate Interest
Legitimate Interest. The GDPR provides six (6) grounds for processing personal data and "Legitimate Interest" is one of them. [GDPR Article 6, paragraph (1)]. Legitimate Interest is also one of the exceptional basis for data transfer outside of the EU. [GDPR Article 49, paragraph (g)].
For compliance, the controller must also disclose at the time of personal data collection, the purpose for processing the data, as well as the legal basis for collecting the data. [GDPR Article 13, paragraph (1c)]. If the legal basis it "legitimate interest", the controller must describe that legitimate interest. [GDPR Article 13, paragraph (1d)].
Transparency is an explicit requirement of GDPR
Transparency is an explicit requirement of GDPR, where it states in its first principle that personal data must be "processed lawfully, fairly and in a transparent manner...." [GDPR Article 5, paragraph 1(a)] .
The controller is responsible for demonstrating compliance with transparency. [GDPR Article 5, paragraph 2] .
The controller must provide information to individuals in a concise, transparent, intelligible and easy to access form, using clear and plain language. [GDPR Article 12, paragraph 1] .
Subscribe to:
Posts (Atom)