Content library
Julkri: TL IV-I
TSU-07: Käsittelyn lainmukaisuus

How to fill the requirement

Julkri: TL IV-I

TSU-07: Käsittelyn lainmukaisuus

Task name
Priority
Status
Theme
Policy
Other requirements
Documentation of personal data processing purposes for data stores
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Privacy
Processing principles and accountability
requirements

Task is fulfilling also these other security requirements

6. Lawfulness of processing
GDPR
18.1.4: Privacy and protection of personally identifiable information
ISO27 Full
30. Records of processing activities
GDPR
A.7.2.2: Identify lawful basis
ISO 27701
A.7.2.8: Records related to processing PII
ISO 27701
1. Task description

Processing of personal data is only lawful if one of the legal bases set out in the General Data Protection Regulation is met. The organization must be able to communicate the purpose of the processing and the legal basis to the data subject and, where appropriate, to the supervisory authority.

The documentation shall include at least:

  • the legal basis for the processing and the necessary additional information
  • the parties to whom the processing has been outsourced
  • related data sets
Implementation and documentation of balance tests
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Privacy
Processing principles and accountability
requirements

Task is fulfilling also these other security requirements

6. Lawfulness of processing
GDPR
21. Right to object
GDPR
18.1.4: Privacy and protection of personally identifiable information
ISO27 Full
TSU-07: Käsittelyn lainmukaisuus
Julkri
1. Task description

One of the legal grounds for lawful processing of personal data is the implementation of the data controller or a third party's legitimate interests. To determine when a legitimate interest is justified, a so-called balance test is done to weigh controller or a third party interest against the basic rights of the data subject.

When our processing based on a legitimate interest, we document the implementation of the balancing test and its results so that, if necessary, we can demonstrate that our operations comply with GDPR.

Regular self-evaluation of the lawfulness of processing personal data
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Privacy
Processing principles and accountability
requirements

Task is fulfilling also these other security requirements

6. Lawfulness of processing
GDPR
9. Processing of special categories of personal data
GDPR
TSU-07: Käsittelyn lainmukaisuus
Julkri
TSU-07.3: Käsittelyn lainmukaisuus - Erityiset henkilötietoryhmät
Julkri
1. Task description

GDPR defines six main legal bases for the lawful processing of personal data. In addition, more strict requirements apply to processing of special groups of personal data. The legal basis must also be communicated to the data subjects in privacy communication. However, not all legal bases adapt to all situations and the application of certain legal bases imposes additional requirements on the controller.

The Data Protection Officer (or other responsible person) helps to develop the lawfulness of the processing by assessing the legal bases for the different purposes in cooperation with the units carrying out the processing and on the basis of data protection communications.

No items found.