Under GDPR can I avoid divulging a customer's data to the government?What counts as personal data under...
Under GDPR, can I give permission once to allow everyone to store and process my data?
Can two aircraft be allowed to stay on the same runway at the same time?
Journal published a paper, ignoring my objections as a referee
Can copper pour be used as an alternative to large traces?
What is a "hashed transaction" in SQL Server Replication terminology?
Understanding data transmission rates over copper wire
Why did I get UK entry stamps in my British passport?
Was it illegal to blaspheme God in Antioch in 360.-410.?
Eliminate key lookup in execution plan
What checks exist against overuse of presidential pardons in the USA?
Is this homebrew "Faerie Fire Grenade" unbalanced?
Why doesn't Starship have four landing legs?
What is the motivation behind designing a control stick that does not move?
In what language did Túrin converse with Mím?
How to investigate an unknown 1.5GB file named "sudo" in my Linux home directory?
Attach wall "peg" with dowel screw
Resources to learn about firearms?
Am I required to correct my opponent's assumptions about my morph creatures?
What caused the end of cybernetic implants?
Necessity of tenure for lifetime academic research
What was Captain Marvel supposed to do once she reached her destination?
What's the origin of the concept of alternate dimensions/realities?
I was given someone else's visa, stamped in my passport
'Horseshoes' for Deer?
Under GDPR can I avoid divulging a customer's data to the government?
What counts as personal data under GDPR?Establishing GDPR consent when the person doesn't access a system themselfIs it possible for non-EU companies to avoid GDPR regulatory issues through filters and firewalls?Is it possible for a publicly accessible, personal blog to make use of the personal use exception of the GDPR?Do web applications as hobby projects need to comply with the GDPR?Allow people to communicate on an international religious non-commercial website without getting into trouble with GDPRHow does GDPR affect a personal web application that uses third parties to authenticate?What is “disclosure by transmission”?Are artificially generated personal data covered by the GDPR?Can you request your personal data from a government agency under GDPR?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}
Scenario:
- A business has a legal requirement to obtain a license from a government agency relating to its business activities.
- The business activities have already being undertaken and there is no way to avoid the need for the license (e.g. by ceasing the activities).
- The license application form asks for customers' personal data (names plus basic details relating to their contracts e.g. dates).
- The business feels uncomfortable divulging such data to the government, and is pretty sure their customers would be unhappy if they knew about it.
- The business, the customers, and the government, are all located in the EU.
What is the position in relation to GDPR? Can the business refuse to complete the relevant sections of the license application?
My starting point is GDPR Articles 4(2) and 6(1)(c) (emphasis added):
4(2) ‘processing’ means any operation or set of operations which is
performed on personal data or on sets of personal data, whether or not
by automated means, such as collection, recording, organisation,
structuring, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, restriction,
erasure or destruction;
6(1) Processing shall be lawful only if and to the extent that
at least one of the following applies: (c) processing is necessary
for compliance with a legal obligation to which the controller is
subject;
This would seem to indicate to me that the business does indeed have to divulge the information. Is this correct?
gdpr
asked 12 hours ago
JBentleyJBentley
1506 bronze badges
add a comment |
Scenario:
- A business has a legal requirement to obtain a license from a government agency relating to its business activities.
- The business activities have already being undertaken and there is no way to avoid the need for the license (e.g. by ceasing the activities).
- The license application form asks for customers' personal data (names plus basic details relating to their contracts e.g. dates).
- The business feels uncomfortable divulging such data to the government, and is pretty sure their customers would be unhappy if they knew about it.
- The business, the customers, and the government, are all located in the EU.
What is the position in relation to GDPR? Can the business refuse to complete the relevant sections of the license application?
My starting point is GDPR Articles 4(2) and 6(1)(c) (emphasis added):
4(2) ‘processing’ means any operation or set of operations which is
performed on personal data or on sets of personal data, whether or not
by automated means, such as collection, recording, organisation,
structuring, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, restriction,
erasure or destruction;
6(1) Processing shall be lawful only if and to the extent that
at least one of the following applies: (c) processing is necessary
for compliance with a legal obligation to which the controller is
subject;
This would seem to indicate to me that the business does indeed have to divulge the information. Is this correct?
gdpr
asked 12 hours ago
JBentleyJBentley
1506 bronze badges
add a comment |
Scenario:
- A business has a legal requirement to obtain a license from a government agency relating to its business activities.
- The business activities have already being undertaken and there is no way to avoid the need for the license (e.g. by ceasing the activities).
- The license application form asks for customers' personal data (names plus basic details relating to their contracts e.g. dates).
- The business feels uncomfortable divulging such data to the government, and is pretty sure their customers would be unhappy if they knew about it.
- The business, the customers, and the government, are all located in the EU.
What is the position in relation to GDPR? Can the business refuse to complete the relevant sections of the license application?
My starting point is GDPR Articles 4(2) and 6(1)(c) (emphasis added):
4(2) ‘processing’ means any operation or set of operations which is
performed on personal data or on sets of personal data, whether or not
by automated means, such as collection, recording, organisation,
structuring, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, restriction,
erasure or destruction;
6(1) Processing shall be lawful only if and to the extent that
at least one of the following applies: (c) processing is necessary
for compliance with a legal obligation to which the controller is
subject;
This would seem to indicate to me that the business does indeed have to divulge the information. Is this correct?
gdpr
asked 12 hours ago
JBentleyJBentley
1506 bronze badges
Scenario:
- A business has a legal requirement to obtain a license from a government agency relating to its business activities.
- The business activities have already being undertaken and there is no way to avoid the need for the license (e.g. by ceasing the activities).
- The license application form asks for customers' personal data (names plus basic details relating to their contracts e.g. dates).
- The business feels uncomfortable divulging such data to the government, and is pretty sure their customers would be unhappy if they knew about it.
- The business, the customers, and the government, are all located in the EU.
What is the position in relation to GDPR? Can the business refuse to complete the relevant sections of the license application?
My starting point is GDPR Articles 4(2) and 6(1)(c) (emphasis added):
4(2) ‘processing’ means any operation or set of operations which is
performed on personal data or on sets of personal data, whether or not
by automated means, such as collection, recording, organisation,
structuring, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, restriction,
erasure or destruction;
6(1) Processing shall be lawful only if and to the extent that
at least one of the following applies: (c) processing is necessary
for compliance with a legal obligation to which the controller is
subject;
This would seem to indicate to me that the business does indeed have to divulge the information. Is this correct?
gdpr
gdpr
asked 12 hours ago
JBentleyJBentley
1506 bronze badges
asked 12 hours ago
JBentleyJBentley
1506 bronze badges
edited 5 hours ago
JBentley
asked 12 hours ago
JBentleyJBentley
1506 bronze badges
asked 12 hours ago
JBentleyJBentley
1506 bronze badges
asked 12 hours ago
JBentleyJBentley
1506 bronze badges
1506 bronze badges
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Your analysis so far seems correct. You must comply with all applicable laws. The GDPR's Art 6(1)(c) legal basis clarifies that having to provide personal data is no excuse: that legal obligation is all the legal basis you need for sharing the personal data in accordance with your obligations.
However, that legal basis doesn't generally excuse you from your other data controller obligations. For example, you should still inform the data subjects about the processing as per Art 13(3).
answered 10 hours ago
amonamon
2,3736 silver badges15 bronze badges
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "617"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2flaw.stackexchange.com%2fquestions%2f44279%2funder-gdpr-can-i-avoid-divulging-a-customers-data-to-the-government%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Your analysis so far seems correct. You must comply with all applicable laws. The GDPR's Art 6(1)(c) legal basis clarifies that having to provide personal data is no excuse: that legal obligation is all the legal basis you need for sharing the personal data in accordance with your obligations.
However, that legal basis doesn't generally excuse you from your other data controller obligations. For example, you should still inform the data subjects about the processing as per Art 13(3).
answered 10 hours ago
amonamon
2,3736 silver badges15 bronze badges
add a comment |
Your analysis so far seems correct. You must comply with all applicable laws. The GDPR's Art 6(1)(c) legal basis clarifies that having to provide personal data is no excuse: that legal obligation is all the legal basis you need for sharing the personal data in accordance with your obligations.
However, that legal basis doesn't generally excuse you from your other data controller obligations. For example, you should still inform the data subjects about the processing as per Art 13(3).
answered 10 hours ago
amonamon
2,3736 silver badges15 bronze badges
add a comment |
Your analysis so far seems correct. You must comply with all applicable laws. The GDPR's Art 6(1)(c) legal basis clarifies that having to provide personal data is no excuse: that legal obligation is all the legal basis you need for sharing the personal data in accordance with your obligations.
However, that legal basis doesn't generally excuse you from your other data controller obligations. For example, you should still inform the data subjects about the processing as per Art 13(3).
answered 10 hours ago
amonamon
2,3736 silver badges15 bronze badges
Your analysis so far seems correct. You must comply with all applicable laws. The GDPR's Art 6(1)(c) legal basis clarifies that having to provide personal data is no excuse: that legal obligation is all the legal basis you need for sharing the personal data in accordance with your obligations.
However, that legal basis doesn't generally excuse you from your other data controller obligations. For example, you should still inform the data subjects about the processing as per Art 13(3).
answered 10 hours ago
amonamon
2,3736 silver badges15 bronze badges
answered 10 hours ago
amonamon
2,3736 silver badges15 bronze badges
answered 10 hours ago
amonamon
2,3736 silver badges15 bronze badges
answered 10 hours ago
amonamon
2,3736 silver badges15 bronze badges
2,3736 silver badges15 bronze badges
add a comment |
add a comment |
Thanks for contributing an answer to Law Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2flaw.stackexchange.com%2fquestions%2f44279%2funder-gdpr-can-i-avoid-divulging-a-customers-data-to-the-government%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
