Nascleanúint
RGCS (GDPR) > Airteagal 11. Próiseáil nach ngabhann ceanglas sainaitheanta léi
Íoslódáil PDF

Airteagal 11 RGCS (GDPR). Próiseáil nach ngabhann ceanglas sainaitheanta léi

Article 11 GDPR. Processing which does not require identification

1. Mura mbeidh ceanglas ar an rialaitheoir, maidir leis na críocha a ndéanann sé sonraí pearsanta a phróiseáil lena n-aghaidh, an t-ábhar sonraí a shainaithint nó nach bhfuil na ceanglais sin air níos mó, ní bheidh sé d’oibleagáid ar an rialaitheoir tuilleadh faisnéise a choimeád, a fháil nó a phróiseáil d’fhonn go sainaithneoidh sé, d’aon toisc chun an Rialachán seo a chomhlíonadh, an t-ábhar sonraí.

1. If the purposes for which a controller processes personal data do not or do no longer require the identification of a data subject by the controller, the controller shall not be obliged to maintain, acquire or process additional information in order to identify the data subject for the sole purpose of complying with this Regulation.

ISO 27701

(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.

Here is the relevant paragraph to article 11(1) GDPR:

7.4.5 PII de-identification and deletion at the end of processing

Control

The organization should either delete PII or render it in a form which does not permit identification or re-identification of PII principals, as soon as the original PII is no longer necessary for the identified purpose(s).

(EN) […]


to read the full text

2. Más rud é, i gcásanna dá dtagraítear i mír 1 den Airteagal seo, go bhféadfaidh an rialaitheoir a thaispeáint nach bhfuil sé in ann an t-ábhar sonraí a shainaithint, cuirfidh an rialaitheoir an méid sin in iúl dá réir don ábhar sonraí, más féidir. I gcásanna den sórt sin, ní bheidh feidhm ag Airteagal 15 go hAirteagal 20 ach amháin i gcás go soláthraíonn an t-ábhar sonraí tuilleadh faisnéise lena gcumasaítear é a shainaithint, chun críocha a chearta nó a cearta a fheidhmiú faoi na hairteagail sin.

2. Where, in cases referred to in paragraph 1 of this Article, the controller is able to demonstrate that it is not in a position to identify the data subject, the controller shall inform the data subject accordingly, if possible. In such cases, Articles 15 to 20 shall not apply except where the data subject, for the purpose of exercising his or her rights under those articles, provides additional information enabling his or her identification.

ISO 27701

(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.

Here is the relevant paragraphs to article 11(2) GDPR:

7.3.2 Determining information for PII principals

Control

The organization should determine and document the information to be provided to PII principals regarding the processing of their PII and the timing of such a provision.

Implementation guidance

The organization should determine the legal, regulatory and/or business requirements for when information is to be provided to the PII principal (e.g. prior to processing, within a certain time from when it is requested, etc.) and for the type of information to be provided.

Depending on the requirements, the information can take the form of a notice. Examples of types of information that can be provided to PII principals are:

 

(EN) […]


to read the full text

Téacsanna gaolmhara
Recitals Leave a comment
Recitals

(57) Mura féidir leis an rialaitheoir duine nádúrtha a shainaithint ó na sonraí pearsanta a phróiseáil an rialaitheoir sin, níor cheart é a bheith d'oibleagáid ar an rialaitheoir sonraí faisnéis bhreise a fháil chun an t-ábhar sonraí a shainaithint chun críche foráil de chuid an Rialacháin seo a chomhlíonadh agus chun na críche sin amháin. Mar sin féin, níor cheart don rialaitheoir diúltú faisnéis bhreise a chuireann an t-ábhar sonraí ar fáil a ghlacadh d'fhonn tacú le feidhmiú a cheart nó a ceart. Ba cheart a áireamh sa tsainaithint dhigiteach ábhar sonraí, mar shampla trí shásra fíordheimhnithe amhail an fhaisnéis chéanna aitheantais a úsáideann an t-ábhar sonraí le logáil isteach ar an tseirbhís ar líne atá á tairiscint ag an rialaitheoir sonraí.

(57) If the personal data processed by a controller do not permit the controller to identify a natural person, the data controller should not be obliged to acquire additional information in order to identify the data subject for the sole purpose of complying with any provision of this Regulation. However, the controller should not refuse to take additional information provided by the data subject in order to support the exercise of his or her rights. Identification should include the digital identification of a data subject, for example through authentication mechanism such as the same credentials, used by the data subject to log-in to the on-line service offered by the data controller.

(64) Ba cheart don rialaitheoir gach beart réasúnta a dhéanamh le go bhfíorófar céannacht ábhair sonraí atá ag iarraidh rochtain a fháil ar na sonraí sin, go háirithe i gcomhthéacs seirbhísí ar líne agus aitheantóirí ar líne. Níor cheart do rialaitheoir sonraí pearsanta a choinneáil díreach ar mhaithe le freagairt d'iarrataí a d'fhéadfadh sé a fháil.

(64) The controller should use all reasonable measures to verify the identity of a data subject who requests access, in particular in the context of online services and online identifiers. A controller should not retain personal data for the sole purpose of being able to react to potential requests.

Leave a comment
[js-disqus]