When you need more time to decide whether your data should be deleted from an organization's system, you can restrict processing. This right is important because it gives you time and assurance that your data won't be utilized while concerns or errors are being addressed.
What it is
The right to restrict processing allows you to request an organization to only store your data without using or sharing it. Typically, this occurs when you're exercising your right to object, erasure, or rectification, and you want the organization to refrain from using the disputed information for any purpose other than dealing with your request. Upon your request, the organization will continue storing your data but will do it in a different system or place a block on it.
This right is also an alternative to erasure. You might want to prevent an organization from using certain personal information for other purposes while still keeping that information on file.
You can use your right to restrict processing:
Two important notes:
1. You cannot restrict processing forever. It can only be done until the reason for the restriction is resolved, such as when the organization corrects or deletes your data. In the case of unlawful processing, the restriction usually lasts until you consent to processing or delete your data from their system. Regardless, the organization must notify you before lifting the restriction.
2. You cannot request restriction if your data is needed for a legal purpose or in the public interest.
Example story
A new bank on the domestic market offers good home loan deals. Tom is buying a new house and so decides to switch banks. He asks the 'old' bank to close down all accounts and request to have all his personal details deleted. The old bank, however, is subject to a law obliging banks to store all customer details for 10 years. The old bank is legally obliged to store his data, but he can still ask for restrictions on the data to ensure that it's not accidentally used for unwanted purposes.
Curious to see all the organizations that are holding your data?
Bitdefender Digital Identity Protection shows you what companies and organizations have your information and comes with pre-written emails for them to retrieve or delete your information. All you have to do is fill in your name and press "send."
How to Restrict Processing:
You can send your request through email, letter, fax, or an online form, as long as you have a written record of the request. Look for the relevant email address in the "privacy policy" or "contact us" section of the controller's website.
In your request:
What to Expect:
Once they receive your request, they have one month to respond, with a possible extension of two months in complex cases.
If the organization decides not to restrict processing, rejects your request, tries to unjustifiably charge you, or fails to confirm the restriction within the deadline, you have the right to file a complaint with a data protection authority in your country.
In the US. The CCPA, and the Nevada Privacy Law allow residents to prohibit a business from selling their personal information. The Virginia CDPA, Colorado Privacy Act, and Connecticut Privacy Act, provide a right to restrict processing for the purposes of sale, targeted advertising, and profiling. The Utah Consumer Privacy Act provides a slightly narrower right to restrict processing for the purposes of sale or targeted advertising.
Sources: European Commission, noyb.eu, Data Protection Laws and Regulations USA 2023
tags
Cristina is a freelance writer and a mother of two living in Denmark. Her 15 years experience in communication includes developing content for tv, online, mobile apps, and a chatbot.
View all postsSeptember 06, 2024
September 02, 2024
August 13, 2024
July 25, 2024