GDPR Webinar: Follow-Up Q&A
On Nov. 29, 2018, DRI presented the webinar “GDPR: Considerations for Continuity Professionals,” our first webinar designed for European audiences. Discussing GDPR and its implications across business continuity were DRI Chief Knowledge Officer Lyndon Bird, along with Ovidiu Diaconescu, and Luuk Akkermans.
As a follow-up to the presentation, one attendee asked:
“Most other Data Protection Law’s before GDPR had an exemption for using your employee’s Data for Crisis Notification, especially if there is a threat to life. Is there a similar exemption in GDPR?”
The answer came from the colleague of one of our speakers – Joan Eijpe, Privacy Officer, Sociale Verzekeringsbank, who said:
“Processing information as part of your crisis notification plan can be seen as processing necessary for the purpose of legitimate interest (article 6, 1f). More importantly, using that information in case of a crisis, especially when there is a threat to life, should be seen as processing necessary in order to protect the vital interests of the data subject or of another natural person (article 6, 1d).”