Limit processing

The organization should limit the processing of PII to that which is adequate, relevant and necessary for the identified purposes. ... - Licensed content not shown -


Art.6: The operations of personal data processing must be performed in good faith and follow these principles: I – Purpose: Performing the processing for legitimate, specific, and explicit purposes that the data subject is informed of, without the possibility of further processing in a manner that is incompatible with those purposes; II – Adequacy: Compatibility of the processing with the purposes that the data subject was informed of, according to the context of the processing; III – Necessity: Limitation of processing to the minimum necessary for fulfilling its purposes, using pertinent, proportional and non-excessive data in relation to the purposes of processing; IV – Free Access: Guarantee, to the data subjects, of the ability to easily query free of charge the means and duration of processing, as well as the integrity of their personal data; V – Data Quality: Guarantee, to the data subjects, of accuracy, clarity, relevance, and updating of data, according to the need and to fulfill the purpose of its processing; VI – Transparency: Guarantee, to the data subjects, of clear, precise, and easily-accessible information regarding the processing and the respective processing agents, respecting commercial and industrial secrecy; VII – Security: Use of technical and administrative measures suitable to protect personal data from unauthorized access and accidental or illicit destruction, loss, change, communication, or dissemination events; VIII – Prevention: Adoption of measures to prevent the occurrence of damage as result of the processing of personal data; IX – Non-Discrimination: Impossibility of processing for illegal or abusive discriminatory purposes; X – Liability and Accountability: Demonstration, by the processing agent, that effective measures capable of proving the observance and compliance with personal data protection rules, including the efficacy of these measures, is adopted. Processing of personal data activities must be in good faith and, among others, be for notified purpose(s), necessary and transparent (Art 6) If testing is not...
Art.10: The controller’s legitimate interest may only justify the processing of personal data for legitimate purposes, considered from concrete situations, which include but are not limited to: I – Support and promotion of the controller’s activities; and II – Protection, in relation to the data subjects, of the regular exercise of their rights or provision of services that benefit them, respecting their legitimate expectations and the fundamental rights and freedoms, under the terms of this Law. § 1 When the processing is based on the legitimate interest of the controller, only data strictly necessary for the intended purpose may be processed. § 2 The controller must adopt measures to guarantee transparency in the processing of data based on its legitimate interest. § 3 The National Data Protection Authority may request from the controller a personal data protection impact report, when the processing is based on its legitimate interest, respecting commercial and industrial secrecy