What is this data used for under the GDPR?
Posted: Mon Feb 17, 2025 6:46 am
The General Data Protection Regulation has recently shed light on the notions of personal, sensitive and anonymous data. It also established standards and requirements that must be considered by all types of companies, since anyone who processes data is subject to this law.
Personal data should be processed only for legal reasons. One of them is the consent of the interested party, which must be clear, provided after demonstrating the real purpose of the use of the data.
Other requirements are:
legal obligation,
protection of the life of the holder,
implementation of public policies,
credit protection,
inter alia.
Sensitive data can also only be handled under pre-established conditions, such as studies for research organizations, exercising rights, fraud prevention, protection of life, among others. In other words, special care is needed, as we have already discussed.
Anonymized data is, by definition, exempt from GDPR . If the data is truly non-identifiable, there is no need to pay attention to the requirements of the law, since it is not personal data.
In addition, some of the anonymization techniques mentioned above are adopted as a solution to manage the problem of adaptation to the standard.
What is being debated a lot these days is the level of anonymization that is possible with current techniques. There are researchers who support the idea that the methods never succeed in reversing this link with the original data, so they always become pseudo-anonymous. In this case, it is essential to understand the law and comply with it.
In addition to these general considerations, the ukraine phone number list GDPR proposes some structural concerns that should be part of the company's mindset and culture . First, it is necessary to stipulate a very specific and clear purpose for the use of the data and express it unambiguously to the data subjects. Once this purpose is established, it is only necessary to retain the data until it is fulfilled.
Another important point is free access. The data subject must be free to consult his data, modify it, transfer it to other databases and even delete it at any time, even after having given his consent. This is the great differential issue of privacy laws such as the GDPR (General Data Protection Regulation) and the laws of each country on the subject: the total focus on the data subject.
The following rights of individuals with regard to their data are currently officially recognized:
to be forgotten;
right to information;
right of access;
to request changes to your data;
to withdraw consent;
right to object;
to data portability.
Personal data should be processed only for legal reasons. One of them is the consent of the interested party, which must be clear, provided after demonstrating the real purpose of the use of the data.
Other requirements are:
legal obligation,
protection of the life of the holder,
implementation of public policies,
credit protection,
inter alia.
Sensitive data can also only be handled under pre-established conditions, such as studies for research organizations, exercising rights, fraud prevention, protection of life, among others. In other words, special care is needed, as we have already discussed.
Anonymized data is, by definition, exempt from GDPR . If the data is truly non-identifiable, there is no need to pay attention to the requirements of the law, since it is not personal data.
In addition, some of the anonymization techniques mentioned above are adopted as a solution to manage the problem of adaptation to the standard.
What is being debated a lot these days is the level of anonymization that is possible with current techniques. There are researchers who support the idea that the methods never succeed in reversing this link with the original data, so they always become pseudo-anonymous. In this case, it is essential to understand the law and comply with it.
In addition to these general considerations, the ukraine phone number list GDPR proposes some structural concerns that should be part of the company's mindset and culture . First, it is necessary to stipulate a very specific and clear purpose for the use of the data and express it unambiguously to the data subjects. Once this purpose is established, it is only necessary to retain the data until it is fulfilled.
Another important point is free access. The data subject must be free to consult his data, modify it, transfer it to other databases and even delete it at any time, even after having given his consent. This is the great differential issue of privacy laws such as the GDPR (General Data Protection Regulation) and the laws of each country on the subject: the total focus on the data subject.
The following rights of individuals with regard to their data are currently officially recognized:
to be forgotten;
right to information;
right of access;
to request changes to your data;
to withdraw consent;
right to object;
to data portability.