What are an organisation’s obligations under data protection law to verify a caller’s identity?

Published on LexisPSL on 03/04/2018

The following Risk & Compliance Q&A provides comprehensive and up-to-date legal information covering:

  • What are an organisation’s obligations under data protection law to verify a caller’s identity?

The EU General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, does not impose a specific requirement to verify the identity of callers. Instead, there is a general requirement to ensure ‘appropriate security of…personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures’. This is known as the integrity and confidentiality principle and it is expanded on in the GDPR, Art 32, although again there is no direct reference to identifying callers.

ICO guidance on Information security deals with this
