GDPR Glossary

Authorisation to process personal data

FORMAL ANSWER

An authorisation to process personal data is one of the organisational measures for securing personal data, requiring that persons authorised to process personal data do so only on the controller’s instructions. To meet the accountability requirement, the authorisation should include the authorised person’s first and last name, the date it was granted and expires, the scope of authorisation to process personal data, and an identifier where data are processed in an information system. Persons authorised to process data are obliged to keep those personal data and the methods of securing them confidential.

PRACTICAL ANSWER

An authorisation to process personal data is one of the documents, issued after prior training, on the basis of which a person may begin processing personal data in the organisation. The authorisation is issued by the controller. It may be kept in the employee’s personnel file. As a rule, the authorisation covers access to data to the extent necessary to perform employment duties (in line with the need-to-know principle).

MORE:

  • ODO Navigator makes it easy to grant authorisations to all employees
Receive a free package of 4 tutorials and 4 e-learning trainings
The controller of your data is ODO 24 sp. z o. o.