Difference between revisions of "Redress"
(→Context) |
(→Context) |
||
| Line 6: | Line 6: | ||
Redress, like any access to user personal data requires strong authentication of the [[Subject]]. The following paragraph 57 of the [[GDPR]] should help clarify this function. | Redress, like any access to user personal data requires strong authentication of the [[Subject]]. The following paragraph 57 of the [[GDPR]] should help clarify this function. | ||
| − | If the personal data processed by a controller do not permit the controller to identify a natural person, the data controller should not be obliged to acquire additional information in order to identify the data subject for the sole purpose of complying with any provision of this Regulation. However, the controller should not refuse to take additional information provided by the data subject in order to support the exercise of his or her rights. Identification should include the digital identification of a data subject, for example through authentication mechanism such as the same credentials, used by the data subject to log-in to the on-line service offered by the | + | If the personal data processed by a controller do not permit the controller to identify a natural person, the data controller should not be obliged to acquire additional information in order to identify the data subject for the sole purpose of complying with any provision of this Regulation. However, the controller should not refuse to take additional information provided by the data subject in order to support the exercise of his or her rights. Identification should include the digital identification of a data subject, for example through authentication mechanism such as the same credentials, used by the data subject to log-in to the on-line service offered by the [[Data Controller]]. |
==Problems== | ==Problems== | ||
Revision as of 11:49, 29 July 2018
Full Title or Meme
The problem of responding to users' issues in a digital ecosystem.
Context
Redress, like any access to user personal data requires strong authentication of the Subject. The following paragraph 57 of the GDPR should help clarify this function.
If the personal data processed by a controller do not permit the controller to identify a natural person, the data controller should not be obliged to acquire additional information in order to identify the data subject for the sole purpose of complying with any provision of this Regulation. However, the controller should not refuse to take additional information provided by the data subject in order to support the exercise of his or her rights. Identification should include the digital identification of a data subject, for example through authentication mechanism such as the same credentials, used by the data subject to log-in to the on-line service offered by the Data Controller.
