My favourites

Chapter II – Principles (Art. 5-11)

Art 5 GDPR - Principles relating to processing of personal data arrow_right_alt

Art. 6 GDPR - Lawfulness of processing arrow_right_alt

Art. 7 GDPR - Conditions for consent arrow_right_alt

Art. 8 GDPR - Conditions applicable to child's consent in relation to information society services arrow_right_alt

Art. 9 GDPR - Processing of special categories of personal data arrow_right_alt

Art. 10 GDPR - Processing of personal data relating to criminal convictions and offences arrow_right_alt

Art. 11 GDPR - Processing which does not require identification arrow_right_alt

  1. If the purposes for which a controller processes personal data do not or do no longer require the identification of a data subject by the controller, the controller shall not be obliged to maintain, acquire or process additional information in order to identify the data subject for the sole purpose of complying with this Regulation.
  2. Where, in cases referred to in paragraph 1 of this Article, the controller is able to demonstrate that it is not in a position to identify the data subject, the controller shall inform the data subject accordingly, if possible. In such cases, Articles 15 to 20 shall not apply except where the data subject, for the purpose of exercising his or her rights under those articles, provides additional information enabling his or her identification.
Close tabsclose
  • 57

Recital 57

If the personal data processed by a controller do not permit the controller to identify a natural person, the data controller should not be obliged to acquire additional information in order to identify the data subject for the sole purpose of complying with any provision of this Regulation. However, the controller should not refuse to take additional information provided by the data subject in order to support the exercise of his or her rights. Identification should include the digital identification of a data subject, for example through authentication mechanism such as the same credentials, used by the data subject to log-in to the on-line service offered by the data controller.