What Needs to be Done Prior to Collection
Contact the data subject
Contact the Data Protection Ombudsman
Section 24 — Information on the processing of data
(1) When collecting personal data, the controller shall see to that the data subject can have information on the controller and, where necessary, the representative of the controller, on the purpose of the processing of the personal data, on the regular destinations of disclosed data, as well as on how to proceed in order to make use of the rights of the data subject in respect to the processing operation in question. This information shall be provided at the time of collection and recording of the data or, if the data is obtained from elsewhere than the data subject and intended for disclosure, at the latest at the time of first disclosure of the data.
(2) The duty of providing information, referred to above in paragraph (1), may be derogated from:
(1) if the data subject already has the relevant information;
(2) if this is necessary for the protection of national security, defence or public order or security, for the prevention or investigation of crime or for carrying out the monitoring function pertaining to taxation or the public finances; or
(3) where the data is collected from elsewhere than the data subject, if the provision of the information to the data subject is impossible or unreasonably difficult, or if it significantly damages or inconveniences the data subject or the purpose of the processing of the data and the data is not used when making decisions relating to the data subject, or if there are specific provisions in an Act on the collection, recording or disclosure of the data.
Contact the Data Protection Ombudsman
Section 36 — Duty of notification
(1) The controller shall notify the Data Protection Ombudsman of automated data processing by sending a description of the file to that authority.
(2) In addition, the controller shall notify the Data Protection Ombudsman of:
(1) the transfer of personal data to outside the European Union or the European Economic Area, if the data is transferred on the grounds provided in section 22 or 23(6) or (7) and there is no statutory provision on the same;
(2) on the launching of an automated decision-making system referred to in section 31.
(3) Anyone who is engaged in credit data activity or carrying out debt collection or market or opinion research as a business, or operating in recruitment, personnel assessment or computing on the behalf of another, and who uses or processes files or personal data in this activity, shall notify the same to the Data Protection Ombudsman.
(4) The duty of notification referred to above in paragraph (1) does not apply, if the processing of personal data is based on section 8(1)(1)—(3), on section 8(1)(4) if so provided by law, on a client or service relationship or membership referred to in section 8(1)(5), on section 8(1)(6) or (9), on section 12(1)—(4), on section 12(5) if so provided by law, on section 12(7)—(10), (12) or (13), or on sections 13—18 or 20. The duty of notification may also be derogated from as provided by Decree, if it is evident that the processing of personal data does not compromise the protection of the privacy of the data subject, or his/her rights or freedoms.
Section 37 — Notification
(1) The notification referred to above in section 36(2)(1) shall indicate the information contained in the description of the file and also the types of data being transferred and how the transfer is carried out.
(2) The notification referred to above in section 36(2)(2) shall indicate the information contained in the description of the file and also the logical construction of the system.
(3) The notification referred to above in section 36(3) shall indicate the name, field of business, domicile and address of the trader or business, the personal data files used in the activity and the type of data contained therein, the disclosure of data from the file, the duration of storage of recorded data, the technical measures for securing the data and the measures for monitoring the use of the personal data files.
(4) The notification shall be made well in advance of the collection or recording of the data to be recorded into the file or of the carrying out of another measure giving rise to the duty of notification; in any event, it shall at the latest be made 30 days before the same.
The website includes copies of the forms needed to notify the Ombudsman.