Mfcttrf

Welche normative Autorität hat der Duden? / What's the normative authority of the Duden?

Understanding data transmission rates over copper wire

Rapid change in character

Sort Associations by its Values (which are nested lists)

Printing a list as "a, b, c." using Python

Was it illegal to blaspheme God in Antioch in 360.-410.?

German equivalent to "going down the rabbit hole"

Which is the correct version of Mussorgsky's Pictures at an Exhibition?

How were US credit cards verified in-store in the 1980's?

Cheap oscilloscope showing 16 MHz square wave

What is the following VRP?

What checks exist against overuse of presidential pardons in the USA?

Who declared the Last Alliance to be the "last" and why?

Can UV radiation be safe for the skin?

Can authors email you PDFs of their textbook for free?

What was Captain Marvel supposed to do once she reached her destination?

How do I keep my animals from eating my people food?

'spazieren' - walking in a silly and affected manner?

Simply connected compact Lie groups have even dimension - Where is the mistake?

Could a complex system of reaction wheels be used to propel a spacecraft?

How do I portray irrational anger in first person?

Is it possible for a person to be tricked into becoming a lich?

Journal published a paper, ignoring my objections as a referee

“all of who” or “all of whom”?

Under GDPR can I avoid divulging a customer's data to the government?

What counts as personal data under GDPR?Establishing GDPR consent when the person doesn't access a system themselfIs it possible for non-EU companies to avoid GDPR regulatory issues through filters and firewalls?Is it possible for a publicly accessible, personal blog to make use of the personal use exception of the GDPR?Do web applications as hobby projects need to comply with the GDPR?Allow people to communicate on an international religious non-commercial website without getting into trouble with GDPRHow does GDPR affect a personal web application that uses third parties to authenticate?What is “disclosure by transmission”?Are artificially generated personal data covered by the GDPR?Can you request your personal data from a government agency under GDPR?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;

3

Scenario:

• A business has a legal requirement to obtain a license from a government agency relating to its business activities.


• The business activities have already being undertaken and there is no way to avoid the need for the license (e.g. by ceasing the activities).


• The license application form asks for customers' personal data (names plus basic details relating to their contracts e.g. dates).


• The business feels uncomfortable divulging such data to the government, and is pretty sure their customers would be unhappy if they knew about it.


• The business, the customers, and the government, are all located in the EU.

What is the position in relation to GDPR? Can the business refuse to complete the relevant sections of the license application?

My starting point is GDPR Articles 4(2) and 6(1)(c) (emphasis added):

4(2) ‘processing’ means any operation or set of operations which is
performed on personal data or on sets of personal data, whether or not
by automated means, such as collection, recording, organisation,
structuring, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, restriction,
erasure or destruction;

6(1) Processing shall be lawful only if and to the extent that
at least one of the following applies: (c) processing is necessary
for compliance with a legal obligation to which the controller is
subject;

This would seem to indicate to me that the business does indeed have to divulge the information. Is this correct?

gdpr

share|improve this question

edited 1 hour ago

JBentley

asked 8 hours ago

JBentleyJBentley

15066 bronze badges

add a comment | 

3

Scenario:

• A business has a legal requirement to obtain a license from a government agency relating to its business activities.


• The business activities have already being undertaken and there is no way to avoid the need for the license (e.g. by ceasing the activities).


• The license application form asks for customers' personal data (names plus basic details relating to their contracts e.g. dates).


• The business feels uncomfortable divulging such data to the government, and is pretty sure their customers would be unhappy if they knew about it.


• The business, the customers, and the government, are all located in the EU.

What is the position in relation to GDPR? Can the business refuse to complete the relevant sections of the license application?

My starting point is GDPR Articles 4(2) and 6(1)(c) (emphasis added):

4(2) ‘processing’ means any operation or set of operations which is
performed on personal data or on sets of personal data, whether or not
by automated means, such as collection, recording, organisation,
structuring, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, restriction,
erasure or destruction;

6(1) Processing shall be lawful only if and to the extent that
at least one of the following applies: (c) processing is necessary
for compliance with a legal obligation to which the controller is
subject;

This would seem to indicate to me that the business does indeed have to divulge the information. Is this correct?

gdpr

share|improve this question

edited 1 hour ago

JBentley

asked 8 hours ago

JBentleyJBentley

15066 bronze badges

add a comment | 

Scenario:

• A business has a legal requirement to obtain a license from a government agency relating to its business activities.


• The business activities have already being undertaken and there is no way to avoid the need for the license (e.g. by ceasing the activities).


• The license application form asks for customers' personal data (names plus basic details relating to their contracts e.g. dates).


• The business feels uncomfortable divulging such data to the government, and is pretty sure their customers would be unhappy if they knew about it.


• The business, the customers, and the government, are all located in the EU.

What is the position in relation to GDPR? Can the business refuse to complete the relevant sections of the license application?

My starting point is GDPR Articles 4(2) and 6(1)(c) (emphasis added):

4(2) ‘processing’ means any operation or set of operations which is
performed on personal data or on sets of personal data, whether or not
by automated means, such as collection, recording, organisation,
structuring, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, restriction,
erasure or destruction;

6(1) Processing shall be lawful only if and to the extent that
at least one of the following applies: (c) processing is necessary
for compliance with a legal obligation to which the controller is
subject;

This would seem to indicate to me that the business does indeed have to divulge the information. Is this correct?

gdpr

share|improve this question

edited 1 hour ago

JBentley

asked 8 hours ago

JBentleyJBentley

15066 bronze badges

share|improve this question

edited 1 hour ago

JBentley

asked 8 hours ago

JBentleyJBentley

15066 bronze badges

share|improve this question

edited 1 hour ago

JBentley

asked 8 hours ago

JBentleyJBentley

15066 bronze badges

asked 8 hours ago

JBentleyJBentley

15066 bronze badges

asked 8 hours ago

JBentleyJBentley

15066 bronze badges

1 Answer
1

active

oldest

votes

4

Your analysis so far seems correct. You must comply with all applicable laws. The GDPR's Art 6(1)(c) legal basis clarifies that having to provide personal data is no excuse: that legal obligation is all the legal basis you need for sharing the personal data in accordance with your obligations.

However, that legal basis doesn't generally excuse you from your other data controller obligations. For example, you should still inform the data subjects about the processing as per Art 13(3).

share|improve this answer

answered 6 hours ago

amonamon

2,37366 silver badges1515 bronze badges

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "617"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2flaw.stackexchange.com%2fquestions%2f44279%2funder-gdpr-can-i-avoid-divulging-a-customers-data-to-the-government%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

4

Your analysis so far seems correct. You must comply with all applicable laws. The GDPR's Art 6(1)(c) legal basis clarifies that having to provide personal data is no excuse: that legal obligation is all the legal basis you need for sharing the personal data in accordance with your obligations.

However, that legal basis doesn't generally excuse you from your other data controller obligations. For example, you should still inform the data subjects about the processing as per Art 13(3).

share|improve this answer

answered 6 hours ago

amonamon

2,37366 silver badges1515 bronze badges

add a comment | 

4

Your analysis so far seems correct. You must comply with all applicable laws. The GDPR's Art 6(1)(c) legal basis clarifies that having to provide personal data is no excuse: that legal obligation is all the legal basis you need for sharing the personal data in accordance with your obligations.

However, that legal basis doesn't generally excuse you from your other data controller obligations. For example, you should still inform the data subjects about the processing as per Art 13(3).

share|improve this answer

answered 6 hours ago

amonamon

2,37366 silver badges1515 bronze badges

add a comment | 

Your analysis so far seems correct. You must comply with all applicable laws. The GDPR's Art 6(1)(c) legal basis clarifies that having to provide personal data is no excuse: that legal obligation is all the legal basis you need for sharing the personal data in accordance with your obligations.

However, that legal basis doesn't generally excuse you from your other data controller obligations. For example, you should still inform the data subjects about the processing as per Art 13(3).

share|improve this answer

answered 6 hours ago

amonamon

2,37366 silver badges1515 bronze badges

share|improve this answer

answered 6 hours ago

amonamon

2,37366 silver badges1515 bronze badges

answered 6 hours ago

amonamon

2,37366 silver badges1515 bronze badges

answered 6 hours ago

amonamon

2,37366 silver badges1515 bronze badges