Please enable JavaScript.
Coggle requires JavaScript to display documents.
7- LAWFUL PROCESSING CRITERIA (PROCESSING NECESSARY FOR (CONTROLLER/3RD…
7-
LAWFUL PROCESSING CRITERIA
CONSENT
freely given
genuine choice
clearly distinguishable from
acceptance of other matters
imbalance employer-employee relation
specific
for every purpose
slight exception: scientific research
informed
at least: controller id and purposes
unambiguous indication of wishes
PROCESSING NECESSARY FOR
PERFORMANCE OF
CONTRACT
WHERE DATA SUBJECT IS PARTY
LEGAL OBLIGATION
OF CONTROLLER
(under EU and MS law) :green_cross:
PROTECTING DATA SUBJECT/OTHER NATURAL PERSON
VITAL INTEREST
TASK PERFORMED IN THE
PUBLIC INTEREST
OR OFFICIAL AUTHORITY VESTED IN THE CONTROLLER
(under EU and MS law) :green_cross:
DS can
object
:no_entry:
CONTROLLER/3RD PARTY
LEGITIMATE INTEREST
except
right to object
in :no_entry: case of interests overridden by rights/freedoms of data subject
legitimate interest to be indicated in the
PP
NOT for public authorities :red_cross:
Legitimate interest can exist where there's a
relevant relation
btw DS and controller
consideration of different DPA interpretations
SENSITIVE DATA
can be processed when
EXPLICIT
CONSENT
MSs additional measures :black_flag:
NECESSARY
CONTROLLER OBLIGATION UNDER
EMPLOYMENT,
SOCIAL SECURITY/PROTECTION LAW
(MS additional measures) :black_flag:
FOR PROTECTING DATA SUBJECT/OTHER NATURAL PERSON
VITAL INTEREST
if consent is impossible
FOR EXERCISE OF
CONTROLLER LEGAL CLAIMS
FOR
SUBSTANTIAL PUBLIC INTEREST
if local laws respect the
essence
of dp right and are
proportionate
to the aim pursued
FOR
ARCHIVING
PURPOSES OF
PUBLIC INTEREST, STATISTICAL-HISTORIC-SCIENTIFIC RESEARCH
if safeguards in place
FOR
PUBLIC INTEREST
IN
PUBLIC HEALTH
NON PROFIT INSTITUTIONS
PROCESSING OF DATA OF THEIR CURRENT/FORMER MEMBERS
(MS additional measures) :black_flag:
DATA IS DELIBERATELY
DISCLOSED BY DATA SUBJECT
IN CONTEXT OF
MEDICAL/SOCIAL CARE PURPOSE