Legal Justification Mapped to Rights
Rights
These are the rights provide for in the GDPR and in the Convention 108+.
Subject Access
Rectification
Erasure
Restrict Processing
Object
Automated Individual Decision Making: Processing and Profiling
Â
Recital 67 and 68 - GDPR
In automated filing systems, the restriction of processing should in principle be ensured by technical means in such a manner that the personal data are not subject to further processing operations and cannot be changed. The fact that the processing of personal data is restricted should be clearly indicated in the system.
GDPR Legal Justification | Definition | Privacy Rights (7) | Liability/Obligation Controller / Provider liability in the chain for personal data | References |
---|---|---|---|---|
Consent | informed and meaningful consent is explicitly specified to a purpose of use, in such a way that it is clear data will be processed only in the manner specified | Subject Access, Rectification, Erasure, Restrict Processing, Object, Automated Individual Decision Making (6) | Â | Â |
Public Interest, Public Org Surveillance | ask carried out in the public interest or in the exercise of official authority vested in the controller (Article 6(1)(e) and Recital 45 | Subject Access, Rectification, Restrict Processing, Object, Automated Individual Decision Making (5) | Â | Â |
Contractual Necessity | Â personal data should be processed on the basis of the consent of the data subject concerned or some other legitimate basis, laid down by law, either in this Regulation or in other Union or Member State law as referred to in this Regulation, including the necessity for compliance with the legal obligation to which the controller is subject or the necessity for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. | Subject Access, Rectification, Restrict Processing (3) Note; must by binding on processors to be valid. | Â | Â |
Legal Obligation | processing is necessary for compliance with a legal obligation to which the controller is subject. | Subject Access, Rectification, Restrict Processing (3) |  |  |
Legitimate Interest |
| Subject Access, Rectification, Erasure, Restrict Processing, Object, Automated Individual Decision Making (6) | Â | Â |
Best/Vital Interest of Data Subject, | When consent is not required is when it is legally deemed in the best interest of the data subject to disclose and process personal information. Vital interests are intended to cover only interests that are essential for someone's life. | Subject Access, Rectification, Restrict Processing, Automated Individual Decision Making(4) |  |  |
NA | when legal justification is not provided. Is consent by default? | N/A - To provide legal notice - which includes what notice Fake Notice Should Be Reported by Investigator | OPN-MDC-Receipt transfers liability.
| Â |
Â