Restriction of public access to the archive
Did you, as a governmental organisation, transfer information to an archive repository? Then this information is in principle accessible for everyone unless you have set restrictions to such public access. This is an important privacy safeguard. After all, it is a well-known fact that the greatest risks for the protection of personal data arise from consulting the information.
On this page
Assess whether you have to restrict public access
Before transferring information to an archive repository, you have to asses whether you have to restrict public access to your information in order to protect the personal data in the information. You must first find out what type of personal data it concerns.
Special categories of personal data and personal data relating to criminal convictions and offences
Do you process special categories of personal data or personal data relating to criminal convictions and offences? Then you always have to restrict public access to that information before transferring it to an archive repository.
Ordinary personal data
But even if you only process 'ordinary' personal data, you have to assess whether you need to restrict public access to the information. You have to assess what carries more weight: the interest of public access to the information or the interest of protection of the personal data in your information. When making this assessment, you have to include in any case the possible risks arising for the data subjects if their personal data become public.
Ask for advice when making the assessment
Ask the Data Protection Officer (DPO) or another privacy expert within your organisation for advice when making the assessment of whether you will have to set restrictions to public access to personal data.