GDPR Article 18 deals with a data subject’s ability to request the blocking of data where processing activities have been deemed unlawful.
Under GDPR law, data subjects can limit the amount of processing that’s performed on their data.
If an individual asks a data controller to restrict their processing activities, organisations are only then allowed to store said data, and are unable to share it with third parties or process it in any other way without the data subject’s express consent.
Right to restriction of processing
Data subjects have four legal grounds through which to make a request that restricts the processing of their data:
Organisations are able to fall back upon a series of conditions that allow them to continue to process the data in the same way, even though a request has been received to restrict such operations:
To form a legal basis for processing PII, organisations should confirm and document:
Organisations need to document the information that PII principals receive, relating to the processing of PII.
Organisations should adhere to a set of requirements that dictate when information is to be provided to PII principals.
In this section we talk about GDPR Articles 18 (1)(a), 18 (1)(b), 18 (1)(c) and 18 (1)(d).
Organisations need to provide a mechanism for data subjects who want to withdraw consent (one that is in accordance with the methods first used to collect the data). Data subjects should also be able to restrict the organisation from performing certain actions.
When facilitating the above two functions, organisations should adhere to reasonable response and resolution times that adequately reflect the level of work required.
GDPR Article | ISO 27701 Clause | ISO 27701 Supporting Clauses |
---|---|---|
EU GDPR Article 18 (2) | ISO 27701 7.2.2 | None |
EU GDPR Article 18 (3) | ISO 27701 7.3.2 | None |
EU GDPR Articles 18 (1)(a), 18 (1)(b), 18 (1)(c) and 18 (1)(d) | ISO 27701 7.3.4 | None |
ISMS.online makes it easy for you to jump straight into your journey to GDPR compliance and to easily demonstrate a level of protection that goes beyond ‘reasonable’, all in one secure, always-on location.
The ISMS.online platform has built-in guidance at each step combined with our ‘Adopt, Adapt, Add’ implementation approach so the effort required to demonstrate your approach to GDPR is substantially reduced. You will also benefit from a range of powerful time-saving features.