Add your Comment
- The processing of data, whether ordered by law, is carried out at the discretion of the trustee or by agreement or with the consent of the persons concerned, must be legitimate and must not be contrary to legal regulations or morals.
- All data processing must be based on one of the basic reasons (legal titles for processing), most often contractual performance, legal obligations or legal authorization, the exercise of public authority or processing based on the consent of the person concerned.
- Everyone who collects, processes and retains personal data must clearly define (define and be able to explain) the intended purpose – the purpose of the data processing.
- All methods and forms, processing scope and retention time must always be appropriate to the purpose of processing.
- If the details of the processing are laid down in a public law regulation, they cannot usually be deviated from them. Any processing in the public sector must have a clear legal basis; such processing cannot be replaced by consent to the processing of data.
- Both the administrator and the person responsible for the processing of personal data must ensure that the personal data are adequately protected and protected by organizational and technical measures – in proportion to the risk of processing.
- Processing should be fair, fair and transparent to the individuals concerned. The processing information provided by the data subject must be clear, unambiguous and comprehensible, to the extent appropriate to the particular situation.
- Processing must not interfere with privacy. Administrators can choose different reasonable means of processing, but in the case of modern technologies they are required to consider new risks and impacts on the privacy of individuals. In particular, it must consider the justification and justification of any sharing or publication of negative or otherwise sensitive data.
- After fulfilling the purpose of the processing, the person is obliged to liquidate the personal data. Longer retention periods may be set by statutory rules on archiving or specific use of data (State Statistical Service, sickness and pension insurance, etc.).
- Within the EU, the individual protection of personal data provided by the General Regulation (GDPR) is guaranteed in each Member State. The transfer of personal data outside the European Union can only take place under additional rules or under certain circumstances, such as the performance of a contract with the data subject.
SEE ALL
YOU