Hi Shelagh,
I haven’t started this yet for my organisation, but I think where processing is required or permitted I would go with giving the section(s) and the name of the Act. The reason I say this is I think it would be
clearer for the public to be able to see exactly where in the legislation they should look if they wanted to check this out. Giving just the name of potentially huge Acts or pieces of statute might be too vague.
That said, I’ve not started to look at this practically yet!
Best wishes,
Michelle
Michelle Brown
Information Manager
Transport for Greater Manchester
2 Piccadilly Place, Manchester M1 3BG
Direct line: 0161 244 1123, Extension 701123
Please do not print this email unless you
really need to.
From: This list
is for those interested in Data Protection issues [mailto:[log in to unmask]]
On Behalf Of Sheelagh
Sent: 21 December 2017 16:08
To: [log in to unmask]
Subject: [data-protection] lawful basis
Dear wise people,
I’m drafting privacy notices for various organisations. Where the basis for processing is a legal obligation rather than consent how much information do you think needs to be provided without running the risk of becoming too wordy for clarity?
The choices seem to be words such as:
I know which one I prefer but would welcome your kind and helpful thoughts.
Also what if the details were provided as another further step in a layered approach?
Whatever is given on the privacy notices I would expect any Controller worth their salt to have thoroughly documented the exact lawful basis – before it gets questioned!
Of course Chris Pounder’s last log re public interest is germane here.
All best wishes
Sheelagh Keddie
Sheelagh F M Keddie MBCS CITP
Common Sense Privacy Ltd.
Taking care of your information and your business
02083929413
59 Lower Richmond Road
Mortlake
Richmond upon Thames
Middlesex
England
SW14 7HH
Registered office
28 Lyndhurst Avenue
Sunbury-upon-Thames
Middlesex
England
TW16 6QY
All archives of messages are stored permanently and are available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):
All user commands can be found at
https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html and are sent in the
body of an otherwise blank email to
[log in to unmask]
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
(Please send all commands to
[log in to unmask] not the list or the moderators, and all requests for technical help to
[log in to unmask], the general office helpline)
This email and any files transmitted with it are intended solely for the use of the individual or entity to whom they are addressed and may contain confidential and/or privileged information. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by individuals or entities other than the intended recipient is prohibited. If you are not the intended recipient please notify the sender immediately and delete the email and any attachments. As a public body, Transport for Greater Manchester may be required to disclose this email or any response to it under the Freedom of Information Act 2000, unless the information in it is covered by one of the exemptions in the Act.
This email has been scanned for all viruses and passed through Content Control by the iCritical Email Security System.