Threat P.GDPR.HuDoPS-o.6

URI: P.GDPR.HuDoPS-o.6

Package: GDPR

< prev | next >

Description: Lack of legal basis to store Data related to DataSubject at Service: since data Data is related to a person DataSubject who is a citizen or resident in a state where the GDPR applies, a legal basis is required to collect and process their data. In this case the subject controls a process that is using the data, but not the service where it is stored, so consent is still needed to manage the data on their behalf.

Threat Type: Primary Threat

Matching Pattern:

P.GDPR.HuDoPS-o.6
MP-HuDoPS-o

Finds a Service that serves data relating to a Human data subject, along with its host and operator, and data processing operated by the subject that uses this Service.

        (empty)

        (empty)

        CSG-GDPRAtSubject

        (empty)

CSG-GDPR-Art6-1-a

Processing and/or storage of Data by consent of the data subject DataSubject, by including a means for them to express consent via their interface to the system, maintaining an access control policy for Data based on their consent decisions, and enforcing the policy using an enforcement point in the data access path at Service.