Navigation
RGPD > Article 10. Traitement des données à caractère personnel relatives aux condamnations pénales et aux infractions
Télécharger le PDF

Article 10 RGPD. Traitement des données à caractère personnel relatives aux condamnations pénales et aux infractions

Article 10 GDPR. Processing of personal data relating to criminal convictions and offences

Le traitement des données à caractère personnel relatives aux condamnations pénales et aux infractions ou aux mesures de sûreté connexes fondé sur l’article 6, paragraphe 1, ne peut être effectué que sous le contrôle de l’autorité publique, ou si le traitement est autorisé par le droit de l’Union ou par le droit d’un État membre qui prévoit des garanties appropriées pour les droits et libertés des personnes concernées. Tout registre complet des condamnations pénales ne peut être tenu que sous le contrôle de l’autorité publique.

Processing of personal data relating to criminal convictions and offences or related security measures based on Article 6(1) shall be carried out only under the control of official authority or when the processing is authorised by Union or Member State law providing for appropriate safeguards for the rights and freedoms of data subjects. Any comprehensive register of criminal convictions shall be kept only under the control of official authority.

Connexe
Explication ISO 27701 Lignes directrices & Jurisprudence Laisser un commentaire
Explication

(EN) Criminal offence data are treated specifically by the General Data Protection Regulation. They represent sensitive data that must be dealt with appropriate care, similarly to special categories of personal data (article 9). They obey particular rules, but they do not expressly fall under thespecial categories of personal data”. They have their own legal regime and they do not benefit from similar exceptions as the aforementioned data [article 9 (2)].

 

[…]


lire le texte complet

Auteur
Louis-Philippe Gratton
Louis-Philippe Gratton PhD, LLM
Expert en protection de la vie privée
ISO 27701

(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.

Here is the relevant paragraph to article 10 GDPR:

7.2.2 Identify lawful basis

Control

The organization should determine, document and comply with the relevant lawful basis for the processing of PII for the identified purposes.

Implementation guidance

Some jurisdictions require the organization to be able to demonstrate that the lawfulness of processing was duly established before the processing.

The legal basis for the processing of PII can include:

[…]


lire le texte complet

Lignes directrices & Jurisprudence Laisser un commentaire
[js-disqus]