The draft “Regulation on Erasure, Destruction or Anonymization of Personal Data” was published!
The Data Protection Authority published the draft “Regulation on Erasure, Destruction or Anonymization of Personal Data” (“Draft Regulation”) and made it available for public assessment. Board welcomes any opinions or suggestions until 12.06.2017.
Draft “Regulation on Data Controller Registry” was published not long ago and it has raised many questions among the Data Protection world. Main concern regarding the draft “Regulation on Data Controller Registry” was that it had far too many vague and new terms.
Newly published Draft Regulation addresses one of those vague and new terms and fills that much-needed gap. Draft Regulation sets the rules of when processing personal data is not lawful and should be erased, destructed or anonymized. Processes of erasure, destruction and anonymization are also described in details.
Draft Regulation states that preparing a policy on personal data retention and destruction is an obligation for the data controllers under enrollment obligation and policy shall be prepared according to the personal data processing inventory. However exemptions of enrollment obligation still remains a mystery.