Skip to main content

Notify third parties of changes

Requirement#

The system must notify third parties when it rectifies or erases shared personal information.

Description#

Systems usually request information from their users, obtain it from third parties or collect it based on their interactions with the application. They sometimes share personal information with third parties after having requested consent from its owner. Whenever this information is rectified or erased upon request from its owner, the system must notify said third parties so that they do the same. This is also the case when the user requests that the system stop processing their data.

Exceptions#

  1. The system must proceed with the notification unless it is impossible or involves disproportionate effort.

  2. The processing of the personal information might have archiving purposes in the public interest. If the system properly safeguards this information and if complying with this requirement seriously impairs these purposes, this requirement is not applicable.

References#