Organizations and Citizens

Organizations

Handling personal data

What can and can’t you as an organization do with personal data on ID documents?

Do’s

  1. If you have a good reason or are required by law to ask for identification, explain this clearly to the holder of the ID document.
  2. If you are legally required to keep copies or scans of ID documents, make sure that the information is kept in a secure location.
  3. Is identification truly necessary? Do not just routinely ask for identification, but carefully consider the purpose.
  4. You are allowed to process personal data in the following cases:
    • With the subject’s consent.
    • To execute an agreement.
    • If legally required to do so.
    • To serve a vital interest. (such as a medical need).
    • For the performance of a public-law duty.
    • In case of a justified interest of the organization, unless the citizen’s basic rights prevail.

Don’ts

  1. Do not collect any more personal data than necessary.
  2. Do not record or process any special personal data, such as the person’s religion or life philosophy, race, political preference or health information, unless required by law.
  3. Do not keep personal data any longer than necessary. Eliminate data as soon as the information is no longer needed.
  4. Some organizations are legally required to make copies or scans of ID documents, but are not allowed to collect any excessive personal data.

Citizens

Handling personal data

What can and can’t organizations do with the personal data on your ID documents?

Do’s

  1. An organization may ask for your ID if it has a good reason for doing so, such as to prevent identity fraud or due to a legal requirement.
  2. Banks, credit card companies, insurers, notaries public and casinos are legally required to identify you and may copy or scan your ID or take your personal data.
  3. Organizations are required to tell you what they do with your personal data. So, feel free to ask.
  4. You may ask an organization to remove personal data that is no longer required for the purpose for which it was originally requested.
  5. Always ask why an organization wants to check your ID or why you need to show it.
  6. Protect your personal data. To reduce the risk of identity fraud, if possible, cover your picture and your driver’s-license, ID or passport number whenever these documents are copied or scanned.

Don’ts

  1. Organizations are not allowed to take your personal data or copy/scan your ID at will. Be critical.
  2. Some organizations are required by law to ask for your ID, in which case you may not refuse to provide it.
  3. Organizations are not allowed to record your personal data without your knowledge. They must let you know how they use your personal data. So, feel free to ask.
  4. Organizations are not allowed to keep your data indefinitely.