(a) is-suġġett tad-data jikkontesta l-eżattezza tad-data personali, għal perijodu li jippermetti li l-kontrollur jivverifika l-eżattezza tad-data personali;
(b) l-ipproċessar huwa illegali u s-suġġett tad-data jopponi t-tħassir tad-data personali u jitlob minflok ir-restrizzjoni tal-użu tagħha;
(c) il-kontrollur ma jkollux aktar bżonn tad-data personali għall-għanijiet tal-ipproċessar, iżda din tkun meħtieġa mis-suġġett tad-data għall-istabbiliment, l-eżerċizzju jew id-difiża ta’ talbiet legali;
2. Fejn l-ipproċessar jkun ġie ristrett skont il-paragrafu 1, tali data personali tista’, bl-eċċezzjoni tal-ħażna, tiġi pproċessata biss bil-kunsens tas-suġġett tad-data jew għall-istabbiliment, l-eżerċizzju jew id-difiża ta’ talbiet legali jew għall-protezzjoni tad-drittijiet ta’ persuna fiżika jew ġuridika oħra jew għal raġunijiet ta’ interess pubbliku importanti tal-Unjoni jew ta’ Stat Membru.
(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.
Here is the relevant paragraph to article 18(2) GDPR:
7.2.2 Identify lawful basis
Control
The organization should determine, document and comply with the relevant lawful basis for the processing of PII for the identified purposes.
Implementation guidance
Some jurisdictions require the organization to be able to demonstrate that the lawfulness of processing was duly established before the processing.
(EN) […]
(EN) Sign in
to read the full text
3. Is-suġġett tad-data li kiseb ir-restrizzjoni tal-ipproċessar skont il-paragrafu 1 għandu jiġi infurmat mill-kontrollur qabel ma titneħħa r-restrizzjoni tal-ipproċessar.
(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.
Here is the relevant paragraph to article 18(3) GDPR:
7.3.2 Determining information for PII principals
Control
The organization should determine and document the information to be provided to PII principals regarding the processing of their PII and the timing of such a provision.
Implementation guidance
The organization should determine the legal, regulatory and/or business requirements for when information is to be provided to the PII principal (e.g. prior to processing, within a certain time from when it is requested, etc.) and for the type of information to be provided.
(EN) […]
(EN) Sign in
to read the full text
(EN) The right to restriction of processing is one of the eight rights granted by the GDPR, but it is not the easiest one to understand at first glance. It can be summed up as an obligation on behalf of the controller to retain data, but they can neither be processed in any other manner nor modified…
(EN) […]
(EN) Sign in
to read the full text
(EN)
Concern: Request to restrict the processing of my personal data
Dear Madam, Dear Sir,
I am entitled to ask you to restrict the processing of my personal data under Article 18(1) of the General Data Protection Regulation (GDPR)…
(EN) […]
(EN) Sign in
to read the full text
(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.
Here is the relevant paragraph to article 18 GDPR:
7.3.4 Providing mechanism to modify or withdraw consent
Control
The organization should provide a mechanism for PII principals to modify or withdraw their consent.
Implementation guidance
The organization should inform PII principals of their rights related to withdrawing consent (which may vary by jurisdiction) at any time, and provide the mechanism to do so.
(EN) […]
(EN) Sign in
to read the full text
(67) Il-metodi li li bihom jiġi ristrett l-ipproċessar ta' data personali jistgħu jinkludu, fost l-oħrajn, it-trasferiment temporanju tad-data magħżula għal sistema tal-ipproċessar oħra,li d-data personali magħżula ma tkunx disponibbli għall-utenti jew li data ppubblikata titneħħa temporanjament minn sit elettroniku. F'sistemi tal-arkivjar awtomatizzati, ir-restrizzjoni tal-ipproċessar għandha fil-prinċipju tiġi żgurata b'mezzi tekniċi b'tali mod li d-data personali ma tkunx soġġetta għal aktar operazzjonijiet ta' pproċessar u ma tkunx tista' tinbidel. Il-fatt li l-ipproċessar tad-data personali huwa ristrett għandu jiġi indikat b'mod ċar fis-sistema.
(EN)