Threat P.GDPR.HuDPS-io.6

URI: P.GDPR.HuDPS-io.6

Package: GDPR


Description: Lack of legal basis for use of Data related to DataSubject by Process: since the data is related to a person who is a citizen or resident in a state where the GDPR applies, a legal basis is required to process the data.

Threat Type: Primary Threat

Matching Pattern:

P.GDPR.HuDPS-io.6
MP-HuDPS-io

Finds a Stakeholder operating a Process that is using Data relating to a Human data subject via a controlling Service, where the subject does not operate either the Process or the controlling Service.

        CSG-GDPRAtSubject


CSG-GDPR-Art6-1-a

Processing and/or storage of Data by consent of the data subject DataSubject, by including a means for them to express consent via their interface to the system, maintaining an access control policy for Data based on their consent decisions, and enforcing the policy using an enforcement point in the data access path at Service.

CSG-GDPR-Art6-1-bcef

Processing of Data under GDPR Art 6.1b (performance of a contract), Art 6.1c (to comply with regulation), Art 6.1e (in the public interest) or Art 6.1f (legitimate interests). The Governance control means that the process Process has been analysed by the relevant experts, and that the case for it being considered lawful under one of these provisions has been documented. Access to the data must still be logged by its storage device SHost.

CSG-GDPR-Art6-1-d

Processing of Data under GDPR Art 6.1d (protection of vital interests). The Vital Interests control means that the process Process has been analysed by the relevant experts, and that the case for it being considered necessary to protect the vital interests of the data subject or another natural person has been documented. Access to the data must still be logged by its storage device SHost.