Post by account_disabled on Feb 27, 2024 1:12:02 GMT -6
The regulation defines the processing of data as its collection , storage , consultation , modification and cancellation , whether the data was collected by a physical operator or whether the data was collected using IT tools and media. Paraphrasing the legal definition of data processing, it immediately becomes clear that for each piece of data collected it is necessary: inform the user through specific information on which data will be requested specify why the data is collected and what its purpose is indicate to the user how long the data remains "in memory" and, therefore, for how long the owner can have and use it But what is needed to process personal data correctly in full GDPR compliance ? And what are the legal bases that allow a data controller to collect personal data? We can answer this question with a number: 6! In fact, there are 6 legal bases to which a data controller can refer when he decides to collect personal data and there are also 6 principles that the GDPR indicates as "good rules" to follow when processing personal data.
Specifically, the 6 legal bases are: consent – the interested party authorizes the Panama mobile number list processing of their data through any positive action (checkbox, continuation of navigation in front of a banner, etc.) contractual execution – to complete a contract it is necessary to use the personal data of the interested party. This is the case in which a user makes a purchase on a marketplace and, to complete the delivery of the goods, the marketplace must communicate the user's location data to one of its sellers legal obligation – often applied in banking and insurance vital interest – often used in healthcare or scientific research public interest – the personal data of the interested party must be collected and/or used for the benefit of a public interest or of the community (often applicable for associations or public bodies or in the judicial field) legitimate interest – is perhaps the most interesting legal basis because it allows you to balance the rights of the interested party with the interests of those who process the data.
If the owner believes that to achieve his objective it is necessary to use personal data and that this objective is higher in importance than the rights of the interested party, then he can use the data as long as he documents the original and the use in order to then respond to any disputes, including legal ones, by the interested party. Therefore, if we analyze overall all the legal bases made available by the GDPR, and think about all the information that we come across every day while browsing the web, we can immediately realize that the most widespread is certainly consent, that is, when it is interested in consenting to the processing of your personal data, but you are not the only one! In fact, it would be very limiting to be able to communicate with users only after their express consent. Think, for example, of an online insurance company that over the years has built a database with the history of all policy purchases made by its customers.
Specifically, the 6 legal bases are: consent – the interested party authorizes the Panama mobile number list processing of their data through any positive action (checkbox, continuation of navigation in front of a banner, etc.) contractual execution – to complete a contract it is necessary to use the personal data of the interested party. This is the case in which a user makes a purchase on a marketplace and, to complete the delivery of the goods, the marketplace must communicate the user's location data to one of its sellers legal obligation – often applied in banking and insurance vital interest – often used in healthcare or scientific research public interest – the personal data of the interested party must be collected and/or used for the benefit of a public interest or of the community (often applicable for associations or public bodies or in the judicial field) legitimate interest – is perhaps the most interesting legal basis because it allows you to balance the rights of the interested party with the interests of those who process the data.
If the owner believes that to achieve his objective it is necessary to use personal data and that this objective is higher in importance than the rights of the interested party, then he can use the data as long as he documents the original and the use in order to then respond to any disputes, including legal ones, by the interested party. Therefore, if we analyze overall all the legal bases made available by the GDPR, and think about all the information that we come across every day while browsing the web, we can immediately realize that the most widespread is certainly consent, that is, when it is interested in consenting to the processing of your personal data, but you are not the only one! In fact, it would be very limiting to be able to communicate with users only after their express consent. Think, for example, of an online insurance company that over the years has built a database with the history of all policy purchases made by its customers.