Xjyuk

How to understand payment due date for credit card?

What is this "opened" cube called?

Lob Logical Read and lob read-ahead reads in NCCI

Is it possible for a person to be tricked into becoming a lich?

What is the motivation behind designing a control stick that does not move?

How can I improve my formal definitions

How to save money by shopping at a variety of grocery stores?

What is the practical impact of using System.Random which is not cryptographically random?

Can I leave a large suitcase at TPE during a 4-hour layover, and pick it up 4.5 days later when I come back to TPE on my way to Taipei downtown?

What are the in-game differences between WoW Classic and the original 2006 Version

Is "prohibition against," a double negative?

How were US credit cards verified in-store in the 1980's?

Eshet Chayil in the Tunisian service

Moscow SVO airport, how to avoid scam taxis without pre-booking?

What are ways to record who took the pictures if a camera is used by multiple people?

Journal published a paper, ignoring my objections as a referee

Calculate Landau's function

Can two aircraft be allowed to stay on the same runway at the same time?

Do universities maintain secret textbooks?

Can inductive kick be discharged without freewheeling diode, in this example?

How to differentiate between two people with the same name in a story?

Sum and average calculator

How do I portray irrational anger in first person?

What am I looking at here at Google Sky?

Under GDPR can I avoid divulging a customer's data to the government?

What counts as personal data under GDPR?Establishing GDPR consent when the person doesn't access a system themselfIs it possible for non-EU companies to avoid GDPR regulatory issues through filters and firewalls?Is it possible for a publicly accessible, personal blog to make use of the personal use exception of the GDPR?Do web applications as hobby projects need to comply with the GDPR?Allow people to communicate on an international religious non-commercial website without getting into trouble with GDPRHow does GDPR affect a personal web application that uses third parties to authenticate?What is “disclosure by transmission”?Are artificially generated personal data covered by the GDPR?Can you request your personal data from a government agency under GDPR?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;

3

Scenario:

• A business has a legal requirement to obtain a license from a government agency relating to its business activities.


• The business activities have already being undertaken and there is no way to avoid the need for the license (e.g. by ceasing the activities).


• The license application form asks for customers' personal data (names plus basic details relating to their contracts e.g. dates).


• The business feels uncomfortable divulging such data to the government, and is pretty sure their customers would be unhappy if they knew about it.


• The business, the customers, and the government, are all located in the EU.

What is the position in relation to GDPR? Can the business refuse to complete the relevant sections of the license application?

My starting point is GDPR Articles 4(2) and 6(1)(c) (emphasis added):

4(2) ‘processing’ means any operation or set of operations which is
performed on personal data or on sets of personal data, whether or not
by automated means, such as collection, recording, organisation,
structuring, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, restriction,
erasure or destruction;

6(1) Processing shall be lawful only if and to the extent that
at least one of the following applies: (c) processing is necessary
for compliance with a legal obligation to which the controller is
subject;

This would seem to indicate to me that the business does indeed have to divulge the information. Is this correct?

gdpr

share|improve this question

edited 1 hour ago

JBentley

asked 8 hours ago

JBentleyJBentley

15066 bronze badges

add a comment | 

3

Scenario:

• A business has a legal requirement to obtain a license from a government agency relating to its business activities.


• The business activities have already being undertaken and there is no way to avoid the need for the license (e.g. by ceasing the activities).


• The license application form asks for customers' personal data (names plus basic details relating to their contracts e.g. dates).


• The business feels uncomfortable divulging such data to the government, and is pretty sure their customers would be unhappy if they knew about it.


• The business, the customers, and the government, are all located in the EU.

What is the position in relation to GDPR? Can the business refuse to complete the relevant sections of the license application?

My starting point is GDPR Articles 4(2) and 6(1)(c) (emphasis added):

4(2) ‘processing’ means any operation or set of operations which is
performed on personal data or on sets of personal data, whether or not
by automated means, such as collection, recording, organisation,
structuring, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, restriction,
erasure or destruction;

6(1) Processing shall be lawful only if and to the extent that
at least one of the following applies: (c) processing is necessary
for compliance with a legal obligation to which the controller is
subject;

This would seem to indicate to me that the business does indeed have to divulge the information. Is this correct?

gdpr

share|improve this question

edited 1 hour ago

JBentley

asked 8 hours ago

JBentleyJBentley

15066 bronze badges

add a comment | 

Scenario:

• A business has a legal requirement to obtain a license from a government agency relating to its business activities.


• The business activities have already being undertaken and there is no way to avoid the need for the license (e.g. by ceasing the activities).


• The license application form asks for customers' personal data (names plus basic details relating to their contracts e.g. dates).


• The business feels uncomfortable divulging such data to the government, and is pretty sure their customers would be unhappy if they knew about it.


• The business, the customers, and the government, are all located in the EU.

What is the position in relation to GDPR? Can the business refuse to complete the relevant sections of the license application?

My starting point is GDPR Articles 4(2) and 6(1)(c) (emphasis added):

4(2) ‘processing’ means any operation or set of operations which is
performed on personal data or on sets of personal data, whether or not
by automated means, such as collection, recording, organisation,
structuring, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, restriction,
erasure or destruction;

6(1) Processing shall be lawful only if and to the extent that
at least one of the following applies: (c) processing is necessary
for compliance with a legal obligation to which the controller is
subject;

This would seem to indicate to me that the business does indeed have to divulge the information. Is this correct?

gdpr

share|improve this question

edited 1 hour ago

JBentley

asked 8 hours ago

JBentleyJBentley

15066 bronze badges

share|improve this question

edited 1 hour ago

JBentley

asked 8 hours ago

JBentleyJBentley

15066 bronze badges

share|improve this question

edited 1 hour ago

JBentley

asked 8 hours ago

JBentleyJBentley

15066 bronze badges

asked 8 hours ago

JBentleyJBentley

15066 bronze badges

asked 8 hours ago

JBentleyJBentley

15066 bronze badges

1 Answer
1

active

oldest

votes

4

Your analysis so far seems correct. You must comply with all applicable laws. The GDPR's Art 6(1)(c) legal basis clarifies that having to provide personal data is no excuse: that legal obligation is all the legal basis you need for sharing the personal data in accordance with your obligations.

However, that legal basis doesn't generally excuse you from your other data controller obligations. For example, you should still inform the data subjects about the processing as per Art 13(3).

share|improve this answer

answered 7 hours ago

amonamon

2,37366 silver badges1515 bronze badges

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "617"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2flaw.stackexchange.com%2fquestions%2f44279%2funder-gdpr-can-i-avoid-divulging-a-customers-data-to-the-government%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

4

Your analysis so far seems correct. You must comply with all applicable laws. The GDPR's Art 6(1)(c) legal basis clarifies that having to provide personal data is no excuse: that legal obligation is all the legal basis you need for sharing the personal data in accordance with your obligations.

However, that legal basis doesn't generally excuse you from your other data controller obligations. For example, you should still inform the data subjects about the processing as per Art 13(3).

share|improve this answer

answered 7 hours ago

amonamon

2,37366 silver badges1515 bronze badges

add a comment | 

4

Your analysis so far seems correct. You must comply with all applicable laws. The GDPR's Art 6(1)(c) legal basis clarifies that having to provide personal data is no excuse: that legal obligation is all the legal basis you need for sharing the personal data in accordance with your obligations.

However, that legal basis doesn't generally excuse you from your other data controller obligations. For example, you should still inform the data subjects about the processing as per Art 13(3).

share|improve this answer

answered 7 hours ago

amonamon

2,37366 silver badges1515 bronze badges

add a comment | 

Your analysis so far seems correct. You must comply with all applicable laws. The GDPR's Art 6(1)(c) legal basis clarifies that having to provide personal data is no excuse: that legal obligation is all the legal basis you need for sharing the personal data in accordance with your obligations.

However, that legal basis doesn't generally excuse you from your other data controller obligations. For example, you should still inform the data subjects about the processing as per Art 13(3).

share|improve this answer

answered 7 hours ago

amonamon

2,37366 silver badges1515 bronze badges

share|improve this answer

answered 7 hours ago

amonamon

2,37366 silver badges1515 bronze badges

answered 7 hours ago

amonamon

2,37366 silver badges1515 bronze badges

answered 7 hours ago

amonamon

2,37366 silver badges1515 bronze badges