{"id":5384,"date":"2018-03-29T13:28:28","date_gmt":"2018-03-29T10:28:28","guid":{"rendered":"https:\/\/isletgroup.fi\/?p=5384"},"modified":"2019-07-10T09:22:39","modified_gmt":"2019-07-10T06:22:39","slug":"basis-for-data-collect","status":"publish","type":"post","link":"https:\/\/isletgroup.fi\/en\/2018\/03\/29\/basis-for-data-collect\/","title":{"rendered":"GDPR\u2009\u2014\u2009On what basis you can col\u00adlect per\u00adson\u00adal&nbsp;data?"},"content":{"rendered":"<p>[et_\u200bpb_\u200bsection bb_built=\u201c1\u201d][et_pb_row][et_pb_column type=\u201c4_4\u201d][et_pb_text _builder_version=\u201c3.13.1\u201d]<\/p>\n<p><span style=\"font-weight: 400;\">In the pre\u00advi\u00adous blog <strong>\u201c<a href=\"https:\/\/isletgroup.fi\/en\/2019\/04\/03\/gdpr-is-here\/\" target=\"_blank\" rel=\"noopener noreferrer\">Dawn of the GDPR \u2013 Are you Ready?<\/a>\u201d<\/strong> we went through some of the changes that will affect orga\u00adni\u00adza\u00adtions and how you can pre\u00adpare your busi\u00adness for the upcom\u00ading reg\u00adu\u00adla\u00adtions. As described in the blog, com\u00adpa\u00adnies should be able to answer few fun\u00adda\u00admen\u00adtal ques\u00adtions on per\u00adson\u00adal data pro\u00adcess\u00ading. In this blog, how\u00adev\u00ader, we will dive deep\u00ader into the ques\u00adtion on what grounds can you col\u00adlect per\u00adson\u00adal&nbsp;data.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cAs per Arti\u00adcle 5&nbsp;in the data pro\u00adtec\u00adtion reg\u00adu\u00adla\u00adtions, per\u00adson\u00adal data should be processed with the prin\u00adci\u00adpals of, for instance, law\u00adful\u00adness, pur\u00adpose lim\u00adi\u00adta\u00adtion, and data min\u00adi\u00admiza\u00adtion. Data col\u00adlec\u00adtion must be car\u00adried out on law\u00adful grounds for a&nbsp;spe\u00adcif\u00adic pur\u00adpose. This means that data can\u00adnot be col\u00adlect\u00aded with a&nbsp;hope of it being use\u00adful in the future. There needs to be an explic\u00adit law\u00adful pur\u00adpose for the col\u00adlec\u00adtion. In Arti\u00adcle 6&nbsp;of the data pro\u00adtec\u00adtion reg\u00adu\u00adla\u00adtion, six grounds for col\u00adlec\u00adtion, based on which an orga\u00adni\u00adza\u00adtion can process per\u00adson\u00adal data, have been list\u00aded. For an orga\u00adni\u00adza\u00adtion to jus\u00adti\u00adfy its data col\u00adlec\u00adtion, one of these grounds must be&nbsp;met.<\/span><\/p>\n<h2>Con\u00adsent of Data Subject<\/h2>\n<p><span style=\"font-weight: 400;\">Per\u00adson\u00adal data can be processed if the data sub\u00adject has freely giv\u00aden an informed and spe\u00adcif\u00adic con\u00adsent to per\u00adson\u00adal data pro\u00adcess\u00ading. This ground is not met where the con\u00adsent for data pro\u00adcess\u00ading is a&nbsp;part of a&nbsp;broad\u00ader con\u00adtract. The request for con\u00adsent, there\u00adfore, needs to be clear\u00adly out\u00adlined and sep\u00ada\u00adrat\u00aded from the broad\u00ader contract.<\/span><\/p>\n<h2>Per\u00adfor\u00admance of a&nbsp;Contract<\/h2>\n<p><span style=\"font-weight: 400;\">Per\u00adson\u00adal data can be processed if it is nec\u00ades\u00adsary to per\u00adform a&nbsp;con\u00adtract where the data sub\u00adject is a&nbsp;par\u00adty. An employ\u00adment con\u00adtract between an employ\u00ader and employ\u00adee is an exam\u00adple of such a&nbsp;con\u00adtract. It would not be pos\u00adsi\u00adble to per\u00adform an employ\u00adment con\u00adtract with\u00adout the pro\u00adcess\u00ading of per\u00adson\u00adal&nbsp;data.<\/span><\/p>\n<h2>Legal Oblig\u00ada\u00adtion of Controller<\/h2>\n<p><span style=\"font-weight: 400;\">The pro\u00adcess\u00ading of per\u00adson\u00adal data is allowed also when it is nec\u00ades\u00adsary to fol\u00adlow data controller\u2019s legal oblig\u00ada\u00adtions. When the ground for pro\u00adcess\u00ading is a&nbsp;legal oblig\u00ada\u00adtion, the oblig\u00ada\u00adtion must be ground\u00aded in the leg\u00adis\u00adla\u00adtion of either the Euro\u00adpean Union or its Mem\u00adber States. For instance, in the con\u00adtext of employ\u00adment, the employ\u00ader must retain and process employ\u00adee per\u00adson\u00adal data to com\u00adply with var\u00adi\u00adous employ\u00ader obligations.<\/span><\/p>\n<h2>Vital Inter\u00adest or Pub\u00adlic Interest<\/h2>\n<p><span style=\"font-weight: 400;\">Per\u00adson\u00adal data can be processed when the pro\u00adcess\u00ading is nec\u00ades\u00adsary to pro\u00adtect the vital inter\u00adests of the data sub\u00adject or of any nat\u00adur\u00adal per\u00adson. Per\u00adson\u00adal data pro\u00adcess\u00ading is also allowed when the pro\u00adcess\u00ading is required to per\u00adform tasks in the name of pub\u00adlic inter\u00adest or offi\u00adcial author\u00adi\u00adty. Grounds for pro\u00adcess\u00ading data sub\u00adjects\u2019 infor\u00adma\u00adtion may be both vital inter\u00adest and pub\u00adlic inter\u00adest. Accord\u00ading to the pref\u00adace in the data pro\u00adtec\u00adtion reg\u00adu\u00adla\u00adtion, such pro\u00adcess\u00ading grounds may be met when attempt\u00ading to stop the spread of epi\u00addemics or dur\u00ading human\u00adi\u00adtar\u00adi\u00adan cat\u00ada\u00adstro\u00adphes caused by, for exam\u00adple, nat\u00adur\u00adal disasters.<\/span><\/p>\n<h2>Legit\u00adi\u00admate interest<\/h2>\n<p><span style=\"font-weight: 400;\">Per\u00adson\u00adal data can be processed if the pro\u00adcess\u00ading is required for the <\/span><span style=\"font-weight: 400;\">controller\u2019s or a&nbsp;third party\u2019s legit\u00adi\u00admate inter\u00adests to be met except in sit\u00adu\u00ada\u00adtions where the data subject\u2019s inter\u00adests or fun\u00adda\u00admen\u00adtal rights and lib\u00ader\u00adties take prece\u00addence over the legit\u00adi\u00admate inter\u00adests. This applies espe\u00adcial\u00adly in the case when the data sub\u00adject is a&nbsp;child. The grounds for a&nbsp;legit\u00adi\u00admate inter\u00adest must be con\u00adsid\u00adered care\u00adful\u00adly. For instance, the pro\u00adcess\u00ading of per\u00adson\u00adal data for mar\u00adket\u00ading pur\u00adpos\u00ades is seen to meet the grounds of legit\u00adi\u00admate inter\u00adest of the controller.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">So, when you col\u00adlect data, con\u00adsid\u00ader the neces\u00adsi\u00adty of the data you col\u00adlect and make sure that you meet one of the above grounds to com\u00adply with the GDPR. When you are sure that your process\u00ades are law\u00adful, remem\u00adber to have appro\u00adpri\u00adate documentation.<\/span><\/p>\n<p>Con\u00adtact:<br>\n<a href=\"https:\/\/isletgroup.fi\/en\/2019\/04\/03\/piia-hoffsten\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\"><strong>Piia<\/strong> <strong>Hoff\u00adsten<\/strong><\/span><\/a><br>\n<span style=\"font-weight: 400;\">Chief Oper\u00adat\u00ading Officer<\/span><br>\n<span style=\"font-weight: 400;\">piia.hoffsten (a) islet\u200bgroup\u200b.fi<\/span><br>\n<span style=\"font-weight: 400;\">+358 40 5877&nbsp;303<\/span><\/p>\n<p><span style=\"font-weight: 400;\">#GDPR #dat\u00adapro\u00adtec\u00adtion #cyber\u00adse\u00adcu\u00adri\u00adty #datase\u00adcu\u00adri\u00adty #Islet\u00adGroup<\/span><\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p><\/p><div class=\"et_pb_row et_pb_row_0 et_pb_row_empty\">\n\t\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div> In the pre\u00advi\u00adous blog \u201cDawn of the GDPR \u2013 Are you Ready?\u201d we went through some of the changes that will affect orga\u00adni\u00adza\u00adtions and how you can pre\u00adpare your busi\u00adness for the upcom\u00ading reg\u00adu\u00adla\u00adtions. As described in the blog, com\u00adpa\u00adnies should be able to answer few fun\u00adda\u00admen\u00adtal ques\u00adtions on per\u00adson\u00adal data pro\u00adcess\u00ading. In&nbsp;this&nbsp;[\u2026]\n","protected":false},"author":20,"featured_media":5477,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","wp_typography_post_enhancements_disabled":false,"footnotes":""},"categories":[441,453],"tags":[373,372,374,629,376,371,375],"class_list":["post-5384","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-all-news","category-cover-story","tag-cyber-security","tag-data-protection","tag-data-security","tag-gdpr-en","tag-grounds","tag-privacy","tag-processes"],"acf":[],"_links":{"self":[{"href":"https:\/\/isletgroup.fi\/en\/wp-json\/wp\/v2\/posts\/5384","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/isletgroup.fi\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/isletgroup.fi\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/isletgroup.fi\/en\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/isletgroup.fi\/en\/wp-json\/wp\/v2\/comments?post=5384"}],"version-history":[{"count":0,"href":"https:\/\/isletgroup.fi\/en\/wp-json\/wp\/v2\/posts\/5384\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/isletgroup.fi\/en\/wp-json\/wp\/v2\/media\/5477"}],"wp:attachment":[{"href":"https:\/\/isletgroup.fi\/en\/wp-json\/wp\/v2\/media?parent=5384"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/isletgroup.fi\/en\/wp-json\/wp\/v2\/categories?post=5384"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/isletgroup.fi\/en\/wp-json\/wp\/v2\/tags?post=5384"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}