Re: Proposals

hi there,

for what it's worth:

On 19.12.2023 13:38, Georg Philip Krog wrote:
..

> 2.
> We do not have principles in DPV, not in DPV-GDPR. We should add them if 
> they are needed. They are needed for DPIAS like this.
> 
> Assessment of compliance with the fundamental privacy principles:
> 
..
> 
> Resources:
> https://www.dataprotection.ie/..

In case you add principles, the source would be Art. 5 GDPR

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679#d1e1797-1-1

> 4.
> Under contract legal basis I propose "Agreement with Data Subject"

Art. 6(1)(b) GDPR uses the wording "processing is necessary for the 
performance of a contract to which the data subject is party..."

"Agreement with Data Subject" may give another impression.  Like "the 
data subject agreed to my processing".  That interpretation would rather 
be consent (i.e., Art. 6(1)(a) GDPR)).

cheers
-b

-- 
Bud P. Bruegger, Dipl.-Ing. (ETH), Ph.D. (University of Maine)
ULD613@datenschutzzentrum.de, +49 431 988-1217
Research Department, Unabhaengiges Landeszentrum fuer Datenschutz (ULD)
Holstenstra├če 98, 24103 Kiel, https://www.datenschutzzentrum.de/

ULD is the office of the Data Protection Supervisory Authority of
Schleswig-Holstein. Information about the processing of personal data
by and the encryption of e-mail messages for ULD can be found
at https://datenschutzzentrum.de/datenschutz/

Except where explicitly stated otherwise, views and opinions expressed
in this message may deviate from the official policy or position of
the Data Protection Supervisory Authority of Schleswig-Holstein.

Received on Tuesday, 19 December 2023 13:14:38 UTC