“Processing of personal data relating to criminal convictions and offences or related security measures based on Article 6(1) shall be carried out only under the control of official authority or when the processing is authorised by Union or Member State law providing for appropriate safeguards for the rights and freedoms of data subjects. Any comprehensive register of criminal convictions shall be kept only under the control of official authority.”
This article applies to all data regarding criminal allegations, proceedings, convictions and data linked to related security measures.
To process this type of personal data, the controller always has to comply with Art. 5, Art. 6 GDPR and also meet the requirements in Art. 10 GDPR. Art. 10 states that processing of personal data regarding criminal convictions and offences only can be carried out if:
- Official authorities have control of the processing;
- or if the processing is authorised by Union or Member State law.
Need templates, second opinion or support for your DPAs?
Connect with leading experts with a multitude of templates. Reviewing a customer DPA – ask for a second opinion from our experts. Track record with leading European startup, mid-size companies and listed global enterprises.
Get a quote today from the business law firm Sharp Cookie Advisors