individual participation and access
Estonian term: isiku osalus ja juurdepääs
definition
Requirement of ISO/IEC 27018, 29100 and others:
the PII principal must be given
- authenticated access to their own personally identifiable information (unless prohibited by applicable law), and
- the ability to correct and remove erroneous or incomplete data
=
For a PII controller, adhering to the individual participation and access principle means:
- giving PII principals the ability to access and review their PII, provided that they are first authenticated with an appropriate level of assurance (see Table A-1) and such access is not prohibited by applicable law,
- allowing PII principals to challenge the accuracy and completeness of the PII and have it amended, corrected or removed as appropriate and possible in the specific context,
- providing any amendment, correction or removal to PII processors and third parties to whom personal data had been disclosed, where they are known, and
- establishing procedures to enable PII principals to exercise these rights in a simple, fast and efficient way, which do not entail undue delay or cost nor any profit for the PII controller.
overviews
https://www.kaonsecurity.co.nz/media/1178/iso-and-gdpr-framework-shot.pdf
https://edpb.europa.eu/sites/edpb/files/webform/public_consultation_reply/comments_from_dp_security_consulting_sas_on_the_document_guidelines_4_2019_on_article_25.pdf
https://www.cchfreedom.org/files/files/DHS_Privacy_Assessment_2008_Voluntary.pdf