GDPR Requirements
Personal data must only be collected for specified, explicit and legitimate purposes and may not be further processed in an incompatible manner. Further processing for archival purposes of public interest, for scientific or historical research purposes or for statistical purposes (Article 89 (1)) must not be considered incompatible with the original purposes (Article 5 (1b)).
Resulting Challenge
Processing purposes must be clearly identifiable from data protection declaration. Data may only be accessible for the processing operations that are necessary for the stated purpose.
Technical Solution Approach
Provision of a statement describing the purposes of personal data processing. In addition, two cases must be distinguished for the service implementation.
- Data is stored centrally: We recommend to logically divide processes according to processing purposes (business capability). The data is stored together with the declared purpose. This enables access control of the processing processes to the stored data with the processing purpose as access policy.
- Each process stores data (decentralized): This includes that each service component stores data independently and redundantly. The processing of data must remain clearly assigned to purposes.
Checklist:
- Are clear and legitimate processing purposes established?
- Does the privacy statement describe all processing purposes?
- Are processing operations (service components) divided into processing purposes?
- Is stored data explicitly assigned with purpose attributes? Is data exclusively stored for a specific purpose in isolated processing components (operations)?
