[Gnso-epdp-team] “Action item #4: Alex and Thomas to collaborate on redrafting §4.4 (introductory paragraph), Appendix A.4. and Appendix C2.”
epdp at gdpr.ninja
Thu Sep 6 13:04:46 UTC 2018
While Alex (and Diane) and I have discussed this and exchanged e-mail on this, we have not come to a final text. Nonetheless, Alex and I agreed we should share what we have and talk you through the points we struggled with.
However, such Processing must be in a manner that complies with the GDPR. In particular, the principles laid down in Art. 5 GDPR must be abided by, e.g. there must be a specified, explicit and legitimate purposes. Additionally, a legal basis from the catalogue in Art. 6 I GDPR must be given. These are:
a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation to which the controller is subject;
d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Purposes pursued by ICANN which correspond to its own organizational mission and mandate:
Purposes pursued by other interested third parties
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnso-epdp-team