Personal data is any information relating to an identified or identifiable natural person (‘data subject’). This includes both simple personal data, for example the name, date of birth, address, age, tax registration number, etc., but also special categories of personal data, such as racial or ethnic origin (e.g., nationality), health or other data.
Enforcement Agents mainly deal with simple personal data that they have to process in the context of their duties. ‘Processing’, according to GDPR, includes any operation or set of operations performed on personal data such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination or otherwise making available.
Examples of data processing by Enforcement Agents include:
- writing a service report which includes personal data
- inventory record of debtor’s possessions
- copies from a service report
- keeping record of service reports
- writing a report after conducting an inspection of mortgage
- publishing an abstract of a legal document (lawsuit, decision) when the opponent’s address is not known
- searching and collecting data in public registers
- transmission to authorities such as the police or the court
- sending copies of reports to clients or lawyers.
What principles need to guide the work of Enforcement Agents with data?
In their activities, Enforcement Agents are guided and limited by 6 specific principles for dealing with personal data (Article 5.1-2 GDPR):
- Lawfulness, fairness and transparency, which means that processing must be lawful, fair, and transparent to the data subject;
- Purpose limitation, which means that data can be processed ONLY for the legitimate purposes specified explicitly to the data subject when collected;
- Data minimization, which means that Enforcement Agents can collect and process ONLY as much data as absolutely necessary for the purpose specified;
- Accuracy, which means that personal data needs to be accurate and up to date;
- Storage limitation, which means that personal data can be stored only FOR AS LONG AS NECESSARY for the specified purpose; and
- Integrity and confidentiality, which means that processing must be done in a way to ensure security, integrity, and confidentiality (e.g. by using encryption).