Changes between Version 1 and Version 2 of Ticket #43175, comment 17
- Timestamp:
- 05/19/2018 03:47:13 AM (5 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #43175, comment 17
v1 v2 3 3 On one hand i would delete personal data only as a last resort and only in such cases when it is compulsory to do so /see Article 17 (1) a)-f) considering even exceptions noted in (3) b) and e) / 4 4 5 In any other case i would suggest just pseudonymisation or encryption of the data mainly because the subject should be able to make themselves reidentifyable as it stands in Article 11. (2). So if the controller does not store the encryption key anymore but the subject sprovides additional info to identify themselves, they should be reenabled to exercise their rights to access or rectify their data, right to erasure, right to restriction of processing and right to data portability.5 In any other case i would suggest just pseudonymisation or encryption of the data mainly because the subject should be able to make themselves reidentifyable as it stands in Article 11. (2). So if the controller does not store the encryption key anymore but the subject provides additional info to identify themselves, they should be reenabled to exercise their rights to access or rectify their data, right to erasure, right to restriction of processing and right to data portability. 6 6 7 7 8 On the other hand the data controller must also assure proper level of security of processing (Article 32 (1) a)and as storing hashkeys separated from the hashed data might be too complicated, maybe deleting personal data is more preferable in most cases. I mean if there are no obligations to keep billing data for X years in case of online shops for example.8 On the other hand the data controller must also assure proper level of security of processing /Article 32 (1) a)/ and as storing hashkeys separated from the hashed data might be too complicated, maybe deleting personal data is more preferable in most cases. I mean if there are no obligations to keep billing data for X years in case of online shops for example. 9 9 10 10