Expert Advice Community

Guest

GDPR Documentation and PII

  Quote
Guest
Guest user Created:   Dec 24, 2020 Last commented:   Dec 30, 2020

GDPR Documentation and PII

Please advise regarding the below:

1. As per GDPR what should data controller and processor do when they obtain data subject PII from another individual other than the data subject such as his/her brother or sister or friend

2. As per GDPR , what is the list of required documentation from data processor and data controller

0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Alessandra Nisticò Dec 29, 2020

As per GDPR what should data controller and processor do when they obtain data subject PII from another individual other than the data subject such as his/her brother or sister or friend

GDPR requires that PII are obtained by the data subject before starting processing. 

If controller and processor obtain PII from another individual, they should verify if the data subject consented to the disclosure of PII to the controller and the processor.

Article 7 GDPR, in fact, requires to the controller to be able to demonstrate that the data subject consented to data processing when based on consent.

After verifying consent of data subject, information about data processing should be given and then controller and processor will be able to process data. In the case of PII belonging to children, only the parents or guardians can consent to process.

Of course, if the data processing is based on other legal grounds, the controller and processor can manage PII obtained from a brother or a sister of the data subject. This happens in the case of gifts purchased on the web (the online shop needs to process the PII of the receiver of the gift and in this case, the legal ground of data processing is the performing of a contract).

As per GDPR, what is the list of required documentation from data processor and data controller"

You can find here the full list of mandatory documentation:

Here you can find more information about the data controller and the processor, consent, and data subjects:

In order to understand how to manage data subjects PII, you can consider enrolling in our free online training EU GDPR Foundations Course: https://training.advisera.com/se/eu-gdpr-foundations-course//

Quote
0 0
Guest
Guest user Dec 30, 2020

Please advise regarding the below:

1. What is data processor obligations in details regarding data subject rights

• The right to be informed.
• The right of access.
• The right to rectification.
• The right to erasure.
• The right to restrict processing.
• The right to data portability.
• The right to object.
• Rights in relation to automated decision making and profiling.

Is there any procedure to be taken as example

2. When providing outsourcing call center services , what is the legal basis to process the data noting that consent is taken by the data controller (is it legitimate interest : be able to fulfill our contractual obligation with the controller ?)

3. What is the list of documentations required by the data processor

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Dec 24, 2020

Dec 30, 2020

Suggested Topics

Guest user Created:   Nov 09, 2020 EU GDPR
Replies: 1
0 0

DPIA

Guest user Created:   Sep 24, 2021 EU GDPR
Replies: 2
0 1

Conversion to UK version of GDPR