Private databases & Registers
Private databases and registers are ones which are owned by private entities such as companies and organisations. The collection, storage and use of your personal data in private databases and registers may result in the violation of your right to private life if not done lawfully.
Data processing in private databases and registers is allowed only under specific conditions. These conditions are exhaustively listed in the General Data Protection Regulation.
Unlike public databases, the inclusion of your personal information in private databases is usually voluntary and requires your consent. This means that you can freely choose whether to agree to have your personal information stored in a private database. Remember that you can also always withdraw your consent.
example If you decide to open a bank account, your consent is required to have your personal identification and contact details stored in the database of the bank. Both the opening of the bank account and your consent are voluntarily given. Naturally, if you are not willing to provide your personal information and give your consent to store the information, you will simply not be allowed to open the bank account.
All activities regarding the processing of personal data should be proportionate. It must be necessary and suitable for the particular purpose and not of excessive scope. This means that the type and volume of data collected and stored should be appropriate and not excessive in relation to the purposes for which it is being collected and stored.
Data should also not be stored longer than necessary. Moreover, the data should not be processed further for other purposes than were initially determined. In such a case, your consent is required.
Data should not be disclosed to third parties, such as other companies, authorities or persons, without your consent, unless there are the specific situations listed exhaustively in the law.
There shall be adequate and effective guarantees against the abuse and misuse of your data by data users. Read more how to protect yourself in such situations.
Applicable as of 25 May 2018
Articles 6, 9 and 10
Joint publication by the the EU Agency for Fundamental Rights and the Council of Europe