Assign topic to the user
We can keep personal data of clients once they are no longer our customers.
(1)True
(2) False
The answer as posted on your website is #2. I disagree with this answer. Please help me understand why I am wrong. Here is an example.
I use a provider of electricity. I then cancel my service with this provider and switch to another. I can still log into the first electricity service provider's website and review my historic bills and they have an account profile on me. This is a legitimate purpose for keeping my personal data even though I am no longer their customer. The same applies for banks, credit cards, etc. Why is the answer false to your question?
Answer:
Article 5.1.(e) of the EU GDPR - “Principles relating to processing of personal data” https://advisera.com/gdpr/principles-relating-to-processing-of-personal-data/ states that “no longer than is necessary for the purposes for which th e personal data are processed” which means that indeed once someone ceases to be your customer their data should be deleted. This is the general rule and this is why the correct answer is “No”.
However, there are some derogation that may apply such as when there is a legal requirement to keep personal data even if the processing activity is over. The bills and transaction history are usually kept for a certain period of time between 5 and 10 years for regulatory purpose so the legal grounds for processing in this case is legal obligation not legitimate interest.
Comment as guest or Sign in
Apr 12, 2018