Under GDPR can I avoid divulging a customer's data to the government?What counts as personal data under GDPR?Establishing GDPR consent when the person doesn't access a system themselfIs it possible for non-EU companies to avoid GDPR regulatory issues through filters and firewalls?Is it possible for a publicly accessible, personal blog to make use of the personal use exception of the GDPR?Do web applications as hobby projects need to comply with the GDPR?Allow people to communicate on an international religious non-commercial website without getting into trouble with GDPRHow does GDPR affect a personal web application that uses third parties to authenticate?What is “disclosure by transmission”?Are artificially generated personal data covered by the GDPR?Can you request your personal data from a government agency under GDPR?

Welche normative Autorität hat der Duden? / What's the normative authority of the Duden?

Understanding data transmission rates over copper wire

Rapid change in character

Sort Associations by its Values (which are nested lists)

Printing a list as "a, b, c." using Python

Was it illegal to blaspheme God in Antioch in 360.-410.?

German equivalent to "going down the rabbit hole"

Which is the correct version of Mussorgsky's Pictures at an Exhibition?

How were US credit cards verified in-store in the 1980's?

Cheap oscilloscope showing 16 MHz square wave

What is the following VRP?

What checks exist against overuse of presidential pardons in the USA?

Who declared the Last Alliance to be the "last" and why?

Can UV radiation be safe for the skin?

Can authors email you PDFs of their textbook for free?

What was Captain Marvel supposed to do once she reached her destination?

How do I keep my animals from eating my people food?

'spazieren' - walking in a silly and affected manner?

Simply connected compact Lie groups have even dimension - Where is the mistake?

Could a complex system of reaction wheels be used to propel a spacecraft?

How do I portray irrational anger in first person?

Is it possible for a person to be tricked into becoming a lich?

Journal published a paper, ignoring my objections as a referee

“all of who” or “all of whom”?



Under GDPR can I avoid divulging a customer's data to the government?


What counts as personal data under GDPR?Establishing GDPR consent when the person doesn't access a system themselfIs it possible for non-EU companies to avoid GDPR regulatory issues through filters and firewalls?Is it possible for a publicly accessible, personal blog to make use of the personal use exception of the GDPR?Do web applications as hobby projects need to comply with the GDPR?Allow people to communicate on an international religious non-commercial website without getting into trouble with GDPRHow does GDPR affect a personal web application that uses third parties to authenticate?What is “disclosure by transmission”?Are artificially generated personal data covered by the GDPR?Can you request your personal data from a government agency under GDPR?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








3















Scenario:



  • A business has a legal requirement to obtain a license from a government agency relating to its business activities.

  • The business activities have already being undertaken and there is no way to avoid the need for the license (e.g. by ceasing the activities).

  • The license application form asks for customers' personal data (names plus basic details relating to their contracts e.g. dates).

  • The business feels uncomfortable divulging such data to the government, and is pretty sure their customers would be unhappy if they knew about it.

  • The business, the customers, and the government, are all located in the EU.

What is the position in relation to GDPR? Can the business refuse to complete the relevant sections of the license application?



My starting point is GDPR Articles 4(2) and 6(1)(c) (emphasis added):




4(2) ‘processing’ means any operation or set of operations which is
performed on personal data or on sets of personal data, whether or not
by automated means, such as collection, recording, organisation,
structuring, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, restriction,
erasure or destruction;



6(1) Processing shall be lawful only if and to the extent that
at least one of the following applies: (c) processing is necessary
for compliance with a legal obligation to which the controller is
subject;




This would seem to indicate to me that the business does indeed have to divulge the information. Is this correct?






gdpr







share|improve this question
































    3















    Scenario:



    • A business has a legal requirement to obtain a license from a government agency relating to its business activities.

    • The business activities have already being undertaken and there is no way to avoid the need for the license (e.g. by ceasing the activities).

    • The license application form asks for customers' personal data (names plus basic details relating to their contracts e.g. dates).

    • The business feels uncomfortable divulging such data to the government, and is pretty sure their customers would be unhappy if they knew about it.

    • The business, the customers, and the government, are all located in the EU.

    What is the position in relation to GDPR? Can the business refuse to complete the relevant sections of the license application?



    My starting point is GDPR Articles 4(2) and 6(1)(c) (emphasis added):




    4(2) ‘processing’ means any operation or set of operations which is
    performed on personal data or on sets of personal data, whether or not
    by automated means, such as collection, recording, organisation,
    structuring, storage, adaptation or alteration, retrieval,
    consultation, use, disclosure by transmission, dissemination or
    otherwise making available    , alignment or combination, restriction,
    erasure or destruction;



    6(1) Processing shall be lawful only if and to the extent that
    at least one of the following applies: (c) processing is necessary
    for compliance with a legal obligation     to which the controller is
    subject;




    This would seem to indicate to me that the business does indeed have to divulge the information. Is this correct?






    gdpr







    share|improve this question




























      3












      3








      3








      Scenario:



      • A business has a legal requirement to obtain a license from a government agency relating to its business activities.

      • The business activities have already being undertaken and there is no way to avoid the need for the license (e.g. by ceasing the activities).

      • The license application form asks for customers' personal data (names plus basic details relating to their contracts e.g. dates).

      • The business feels uncomfortable divulging such data to the government, and is pretty sure their customers would be unhappy if they knew about it.

      • The business, the customers, and the government, are all located in the EU.

      What is the position in relation to GDPR? Can the business refuse to complete the relevant sections of the license application?



      My starting point is GDPR Articles 4(2) and 6(1)(c) (emphasis added):




      4(2) ‘processing’ means any operation or set of operations which is
      performed on personal data or on sets of personal data, whether or not
      by automated means, such as collection, recording, organisation,
      structuring, storage, adaptation or alteration, retrieval,
      consultation, use, disclosure by transmission, dissemination or
      otherwise making available      , alignment or combination, restriction,
      erasure or destruction;



      6(1) Processing shall be lawful only if and to the extent that
      at least one of the following applies: (c) processing is necessary
      for compliance with a legal obligation       to which the controller is
      subject;




      This would seem to indicate to me that the business does indeed have to divulge the information. Is this correct?






      gdpr







      share|improve this question
















      Scenario:



      • A business has a legal requirement to obtain a license from a government agency relating to its business activities.

      • The business activities have already being undertaken and there is no way to avoid the need for the license (e.g. by ceasing the activities).

      • The license application form asks for customers' personal data (names plus basic details relating to their contracts e.g. dates).

      • The business feels uncomfortable divulging such data to the government, and is pretty sure their customers would be unhappy if they knew about it.

      • The business, the customers, and the government, are all located in the EU.

      What is the position in relation to GDPR? Can the business refuse to complete the relevant sections of the license application?



      My starting point is GDPR Articles 4(2) and 6(1)(c) (emphasis added):




      4(2) ‘processing’ means any operation or set of operations which is
      performed on personal data or on sets of personal data, whether or not
      by automated means, such as collection, recording, organisation,
      structuring, storage, adaptation or alteration, retrieval,
      consultation, use, disclosure by transmission, dissemination or
      otherwise making available      , alignment or combination, restriction,
      erasure or destruction;



      6(1) Processing shall be lawful only if and to the extent that
      at least one of the following applies: (c) processing is necessary
      for compliance with a legal obligation       to which the controller is
      subject;




      This would seem to indicate to me that the business does indeed have to divulge the information. Is this correct?






      gdpr




      gdpr






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited 1 hour ago







      JBentley

















      asked 8 hours ago









      JBentleyJBentley

      1506 bronze badges




      1506 bronze badges























          1 Answer
          1






          active

          oldest

          votes


















          4















          Your analysis so far seems correct. You must comply with all applicable laws. The GDPR's Art 6(1)(c) legal basis clarifies that having to provide personal data is no excuse: that legal obligation is all the legal basis you need for sharing the personal data in accordance with your obligations.



          However, that legal basis doesn't generally excuse you from your other data controller obligations. For example, you should still inform the data subjects about the processing as per Art 13(3).






          share|improve this answer



























            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "617"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            noCode: true, onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2flaw.stackexchange.com%2fquestions%2f44279%2funder-gdpr-can-i-avoid-divulging-a-customers-data-to-the-government%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            4















            Your analysis so far seems correct. You must comply with all applicable laws. The GDPR's Art 6(1)(c) legal basis clarifies that having to provide personal data is no excuse: that legal obligation is all the legal basis you need for sharing the personal data in accordance with your obligations.



            However, that legal basis doesn't generally excuse you from your other data controller obligations. For example, you should still inform the data subjects about the processing as per Art 13(3).






            share|improve this answer





























              4















              Your analysis so far seems correct. You must comply with all applicable laws. The GDPR's Art 6(1)(c) legal basis clarifies that having to provide personal data is no excuse: that legal obligation is all the legal basis you need for sharing the personal data in accordance with your obligations.



              However, that legal basis doesn't generally excuse you from your other data controller obligations. For example, you should still inform the data subjects about the processing as per Art 13(3).






              share|improve this answer



























                4














                4










                4









                Your analysis so far seems correct. You must comply with all applicable laws. The GDPR's Art 6(1)(c) legal basis clarifies that having to provide personal data is no excuse: that legal obligation is all the legal basis you need for sharing the personal data in accordance with your obligations.



                However, that legal basis doesn't generally excuse you from your other data controller obligations. For example, you should still inform the data subjects about the processing as per Art 13(3).






                share|improve this answer













                Your analysis so far seems correct. You must comply with all applicable laws. The GDPR's Art 6(1)(c) legal basis clarifies that having to provide personal data is no excuse: that legal obligation is all the legal basis you need for sharing the personal data in accordance with your obligations.



                However, that legal basis doesn't generally excuse you from your other data controller obligations. For example, you should still inform the data subjects about the processing as per Art 13(3).







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered 6 hours ago









                amonamon

                2,3736 silver badges15 bronze badges




                2,3736 silver badges15 bronze badges






























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Law Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2flaw.stackexchange.com%2fquestions%2f44279%2funder-gdpr-can-i-avoid-divulging-a-customers-data-to-the-government%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Invision Community Contents History See also References External links Navigation menuProprietaryinvisioncommunity.comIPS Community ForumsIPS Community Forumsthis blog entry"License Changes, IP.Board 3.4, and the Future""Interview -- Matt Mecham of Ibforums""CEO Invision Power Board, Matt Mecham Is a Liar, Thief!"IPB License Explanation 1.3, 1.3.1, 2.0, and 2.1ArchivedSecurity Fixes, Updates And Enhancements For IPB 1.3.1Archived"New Demo Accounts - Invision Power Services"the original"New Default Skin"the original"Invision Power Board 3.0.0 and Applications Released"the original"Archived copy"the original"Perpetual licenses being done away with""Release Notes - Invision Power Services""Introducing: IPS Community Suite 4!"Invision Community Release Notes

                    Image
                    Internet forum softwarePHP software Internet communityPHPMySQLdatabase management systemInternet forumCharles WarnerMatt MechamJarvis Entertainment GroupIkonboardInvisionFreeAjaxIPS Community ForumsIPS Community Forumsthis blog entry Invision Community From Wikipedia, the free encyclopedia Jump to navigation Jump to search Invision Community Developer(s) Invision Power Services Stable release 4.4.6 / August 19, 2019 ; 34 days ago  ( 2019-08-19 ) Platform PHP / MySQL Type Forum software License Proprietary Website invisioncommunity.com Invision Community (previously known as IPS Community Suite ) is primarily an Internet community software produced by Invision Power Services, Inc. It is written in PHP and uses MySQL as a database management system. Invision Power Services sell applications that each can be bought and installed separately in addition to the Suite, the most widely known being the Internet forum software Invision Power Board. Invisi
                    Read more

                    Canceling a color specificationRandomly assigning color to Graphics3D objects?Default color for Filling in Mathematica 9Coloring specific elements of sets with a prime modified order in an array plotHow to pick a color differing significantly from the colors already in a given color list?Detection of the text colorColor numbers based on their valueCan color schemes for use with ColorData include opacity specification?My dynamic color schemes

                    Image
                    Would it be easier to colonise a living world or a dead world? Postal services in Italy - Poste Italiane vs. Friendpost vs. GPS What is /dev/null and why can't I use hx on it? Why are engines with carburetors hard to start in cold weather? How to make a gift without seeming creepy? Without exposing his identity, did Roy help his parents with money so that they can afford to stay in their home? Does the Creighton Method of Natural Family Planning have a failure rate of 3.2% or less? How do I break the broom in Untitled Goose Game? Had there been instances of national states banning harmful imports before the mid-19th C Opium Wars? D&D Monsters and Copyright Is sleeping on the groud in cold weather better than on an air mattress? Transiting through Switzerland by coach with lots of cash quadratic equations on 2 by 2 matrices Always Lubricate Skewers? I pay for a service, but I miss the broadcast Iron-age tools, is there a way to extract heavy metals
                    Read more

                    Ласкавець круглолистий Зміст Опис | Поширення | Галерея | Примітки | Посилання | Навігаційне меню58171138361-22960890446Bupleurum rotundifoliumEuro+Med PlantbasePlants of the World Online — Kew ScienceGermplasm Resources Information Network (GRIN)Ласкавецькн. VI : Літери Ком — Левиправивши або дописавши її

                    Image
                    ЛаскавецьФлора УкраїниФлора ЄвропиФлора АфрикиФлора АзіїРослини, описані 1753 ОкружковіОднорічнатрав'яниста рослинаАфриціЄвропіАзіїУкраїні Ласкавець круглолистий Матеріал з Вікіпедії — вільної енциклопедії. Перейти до навігації Перейти до пошуку ? Ласкавець круглолистий Біологічна класифікація Домен: Ядерні (Eukaryota) Царство: Зелені рослини (Viridiplantae) Відділ: Вищі рослини (Streptophyta) — Судинні (Tracheophyta) — Покритонасінні (Angiospermae) — Евдикоти (Eudicots) — Айстериди (Asterids) Порядок: Аралієцвіті (Apiales) Родина: Окружкові (Apiaceae) Підродина: Селерові (Apioideae) Триба: Bupleureae Рід: Ласкавець ( Bupleurum ) Вид: Ласкавець круглолистий Біноміальна назва Bupleurum rotundifolium L., 1753 Посилання Вікісховище: Bupleurum rotundifolium Віківиди: Bupleurum rotundifolium EOL: 581711 IPNI: 38361-2 ITIS: 29608 NCBI: 90446 Ласкавець круглолистий [1] [1] [2] ( Bupleurum rotundifolium ) — вид рослин родини Окружкові (Apiaceae)
                    Read more