LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

DPO Training

  Quote
Guest
Guest user Created:   Apr 12, 2018 Last commented:   Apr 12, 2018

DPO Training

I have a question regarding the legitimate purposes and principals practice exam. There is a question that is as follows:
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Andrei Hanganu Apr 12, 2018
We can keep personal data of clients once they are no longer our customers.
(1)True
(2) False
The answer as posted on your website is #2. I disagree with this answer. Please help me understand why I am wrong. Here is an example.
I use a provider of electricity. I then cancel my service with this provider and switch to another. I can still log into the first electricity service provider's website and review my historic bills and they have an account profile on me. This is a legitimate purpose for keeping my personal data even though I am no longer their customer. The same applies for banks, credit cards, etc. Why is the answer false to your question?

Answer:

Article 5.1.(e) of the EU GDPR - “Principles relating to processing of personal data” https://advisera.com/eugdpracademy/gdpr/principles-relating-to-processing-of-personal-data/ states that “no longer than is necessary for the purposes for which th e personal data are processed” which means that indeed once someone ceases to be your customer their data should be deleted. This is the general rule and this is why the correct answer is “No”.

However, there are some derogation that may apply such as when there is a legal requirement to keep personal data even if the processing activity is over. The bills and transaction history are usually kept for a certain period of time between 5 and 10 years for regulatory purpose so the legal grounds for processing in this case is legal obligation not legitimate interest.
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 12, 2018

Apr 12, 2018

Suggested Topics

Guest user Created:   Dec 14, 2020 EU GDPR
Replies: 1
0 0

Data Protection Officer

Guest user Created:   May 24, 2018 EU GDPR
Replies: 1
0 0

GDPR for citizens and residents

Guest user Created:   May 17, 2018 EU GDPR
Replies: 1
0 0

The training and awareness program