Every day, you need to provide your data. Give your identification documents and contact details to your employer, or the name of your kids and other information to their school, or your medical history to doctors, or your IP to get your location and obtain directions, and so on.
The solution is not to start living in a cave; on the contrary, you should keep on doing your daily activities but paying attention to what you are sharing, to who you are giving access and how is the store and dispose of securely.
Useful? Embed this infographic on your website.
WHO is asking for your data?
It’s important to know who you are giving access to decide whether you trust or not. For instance, you may trust your Bank with your personal data but not their third-party providers of marketing as well as you may trust entities located and processing personal data under EU law and not the ones outside the EU/EEA area.
A way to assess the commitment of the entity that you are thinking to entrust your data is to corroborate the available tools – usually stated under their privacy policies- for you to exercise your rights.
WHAT data has been requested?
For example, it is understandable that your Bank asks for your personal identification documents and contact details to open you a bank account. What would be unexpected is if they ask you for your university grades, or the result of your doctor’s appointments, or your use of dating apps for opening you a bank account. You see, it is important to know what they are asking to decide if it is appropriate or not to provide with.
WHY they need the data for?
You have the right to request what is the intended processing of your data and the legal basis for the processing. For example, you may provide your personal identification and contact details to your Bank and approve the processing of it, as far as it is necessary to open your bank account; but you may not agree to provide it for opening credit lines. They must inform you beforehand, so you can carefully consider and take a decision.
HOW will the data be processed?
By automated means or with a human intervention? What is the logic involved and the envisaged consequences for you? With who your data will be shared? And why? And how the personal data is back up and secure by all the parties intervening when processing your data?
FOR HOW LONG will the data be retained?
Naturally, if you are closing your customer account, the entity should erase your personal data from their records since, there is no more need to process it thus, to retain it. However, there are situations where the entity may need to preserve your data for more extended periods. For example, when you close your bank account, the Bank may keep your information for the next five (5) years to fulfil its legal duties under Anti Money Laundering and Counter-Terrorism Financing. In any case, you need to be informed about it in an easy and timely manner.
The answers of Who, What, Why, How and For How Long, will provide you with the essential information for you to make the best decision when it comes to giving your personal data. Stay safe!
Latest posts by Jessica Lam (see all)
- How to protect your personal data? - March 4, 2019
- Enforcement of judgement: Update CJEU Case C 210/16 - September 7, 2018
- Data Protection and Marketing - August 7, 2018