Satori selected as a representative vendor in the Gartner Market Guide for Data Security Platforms 🎉

Log In

Book a Demo
Guide: Data Privacy

Right to Restriction of Processing

To fully leverage data in any organization, the data needs to be processed. Without processing, analyzing mass amounts of data becomes nearly impossible. Oftentimes, organizations rely on third parties to process the data they collect and store. This helps drive insights from the data at a rapid pace without interrupting regular operations.

However, the GDPR gives citizens in the EU and UK the right to restrict the processing of their personal data. This right comes with specific rules data controllers must follow. Despite this right, citizens must meet certain circumstances to exercise their right to restrict processing.

This article covers your obligations when complying with the GDPR’s right to the restriction of processing.

 

To learn more about Data Privacy with Satori read our Data Privacy Guide.

What is the Right to Restriction of Processing?

The right to restriction of processing is a fundamental right under the General Data Protection Regulation (GDPR). It gives individuals the right to request that a controller (an organization that processes personal data) restricts the processing of their personal data in certain circumstances.

By exercising the right to restriction of processing, individuals can request that the controller restricts the processing of their personal data. They can also request that the controller stores their personal data, but no longer processes it.

To exercise the right to restriction of processing, individuals must meet specific criteria. These criteria include any of the following circumstances:

  • When the individual contests the accuracy of the personal data.
  • When the processing is unlawful.
  • When the controller no longer needs the personal data for processing.
  • When the individual has objected to the processing and the controller is considering whether there is a legitimate interest in continuing the processing.

 

The right to restriction of processing gives individuals the right to temporarily suspend the processing of their personal data and helps protect their privacy. It also gives citizens more control over their personal data. So, organizations need processes to handle the right to restrict processing requests and respect the rights of individuals under the GDPR.

How to Comply with the Right to Restrict Processing?

To comply with the right to restrict processing, data controllers need a process for complying with requests. The process you use should contain the following steps at a minimum:

  • Verify the identity of the requestor: It is important to verify the identity of the individual requesting so that the processing of personal data is only restricted to the correct person. This may involve requesting identification or other documentation.
  • Confirm that the request is a valid right to restrict processing request: Make sure that the request is a valid right to restrict processing request and not something else, such as a request to erase personal data or object to its processing.
  • Respond to the request: The data controller must respond to the right to restrict processing requests without undue delay, within one month of receiving the request. This period may be extended by two further months if the request is complex or if the controller has received a large number of requests.
  • Locate and retrieve personal data: This may involve accessing electronic records or paper files.
  • Store the personal data: Store but do not further process it unless the individual consents to the processing or the processing are necessary for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest.
  • Notify third parties: If the personal data has been disclosed to third parties, inform those third parties about all rights to restrict processing requests and take reasonable steps to ensure that the personal data is not further processed.
  • Document the request: Keep a record of all rights to restrict processing requests and the action taken in response to the request.

Best Practices for Complying with the Right to Restriction of Processing

When creating a process for your organization on complying with the right to restrict processing requests, keep the following best practices in mind:

  • Establish clear processes and procedures: Ensure that processes and procedures for handling the right to restrict processing requests are clearly defined. This includes procedures for verifying the identity of the requestor, locating and retrieving the personal data, and storing but not processing the personal data.
  • Train employees: Employees should understand and know the processes and procedures for handling the right to restrict processing requests, as well as their obligations under the GDPR.
  • Keep accurate records: Record all rights to restrict processing requests, including the date of the request, the personal data that was requested to be stored but not further processed, and the action taken in response to the request.
  • Respond promptly: Make sure to respond to every right to restrict processing requests promptly and within the required timeframe.
  • Record third-party data disclosures: Every time your organization discloses personal data to a third party, keep detailed records of the disclosure. These records can help you take reasonable steps to ensure that the personal data is not further processed when someone exercises their right to restrict processing.

Conclusion

The right to restrict the processing of personal data is a fundamental right of all EU and UK citizens outlined in the GDPR. So, every organization that collects, stores, or processes data on citizens in the EU or UK, regardless of the location of the organization, must comply with requests related to the right to restrict processing. But, complying with these requests can cause complications. The organization needs to stop all of its processing and any processing activities of third parties who received personal data from the organization.

Satori’s Data Security Platform can help you comply with all GDPR requirements without impacting the value of your data. maintain compliance with applicable data regulations.

To learn more:

Last updated on

January 9, 2023

The information provided in this article and elsewhere on this website is meant purely for educational discussion and contains only general information about legal, commercial and other matters. It is not legal advice and should not be treated as such. Information on this website may not constitute the most up-to-date legal or other information. The information in this article is provided “as is” without any representations or warranties, express or implied. We make no representations or warranties in relation to the information in this article and all liability with respect to actions taken or not taken based on the contents of this article are hereby expressly disclaimed. You must not rely on the information in this article as an alternative to legal advice from your attorney or other professional legal services provider. If you have any specific questions about any legal matter you should consult your attorney or other professional legal services provider. This article may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites.

Advanced Technology Partner
SOC 2 TYPE II
ISO/IEC 27001
AWS Global Security
G2 High Performer Fall 2023
Snowflake Premier Technology Partner
Snowflake Horizon
Microsoft for Startups Pegasus Partner

Product

COMPARISONS

Company

Resources

AWARDS & CERTIFICATIONS

  • AWS Advanced Technology Partner
  • AWS ISV Global Accelerate
  • ISO/IEC 27001
  • G2 High Performer Winter 2024
  • G2 Leader Winter 2024
  • Microsoft for Startups Pegasus Partner
  • Snowflake Horizon Partner
  • Snowflake Premier Technology Partner
  • SOC 2 TYPE II

©2023 Satori Cyber Ltd. All rights reserved.

Twitter Linkedin-in Youtube