Article 10

Processing of personal data relating to criminal convictions and offences

Processing of personal data relating to criminal convictions and offences or related security measures based on Article 6(1) shall be carried out only under the control of official authority or when the processing is authorised by Union or Member State law providing for appropriate safeguards for the rights and freedoms of data subjects. Any comprehensive register of criminal convictions shall be kept only under the control of official authority.

What does it mean?

Article 10 establishes strict rules for the processing of personal data related to criminal convictions and offenses. It recognizes the sensitive nature of this information and seeks to protect the rights of individuals.

Data on criminal convictions can be lawfully processed by government agencies involved in law enforcement and the justice system. Additionally, certain laws within the European Union or a Member State may permit other entities to handle criminal data.

In most cases, Member State laws allow organizations to process data on criminal convictions if the data subject has given explicit consent or if the organization has a legitimate interest, such as processing a legal claim.

No. Any large-scale or widespread register of criminal convictions must be maintained strictly under the control of an official government authority. This ensures oversight and accountability.

Criminal conviction information is inherently sensitive. Someone’s past mistakes shouldn’t haunt them forever or be used to discriminate against them unfairly. Article 10 aims to strike a balance between the needs of law enforcement and the protection of individual rights and freedoms.

Awareness Training

Ensure that your entire company is equipped with the necessary awareness training on the basics of GDPR and IT security.