Public registers with personal data under scrutiny of DPA regulators

Data is critical for business in the digital age. Cloud, mobile, IoT, machine learning, AI, blockchain, and other technology-driven developments are accelerating process automation with data-driven disruption that re-defines roles and boundaries of data processing. Data privacy and security laws are pivotal in this context. Regulators draft these laws to restrict how businesses collect, use, share, store, and disclose data. Recent years have witnessed an unprecedented expansion in data privacy and security regulations globally as regulators seek to catch up to technology. This paper underlines the principles of how EU General Data Protection Regulation ("GDPR") focus at specific purpose of processing and storage of personal data in public registers. Some of public dataset providers ("public registers") offer this data as part of their services without consent or other adequate purpose. Selection of reliable partner that cover this service with appropriate legal coverage (consent, terms & conditions that define the purpose) is crucial part for data rental. Assurance of organization acts as a step of necessary prevention with an aim to avoid fines from Data Protection Authorities (“DPA”) regulators. This paper excludes the issue of public registers such as business register or central register of contracts and private registers, which have their status defined by law, such as common banking register. Focus and emphasis is on the processing of private data in public registers without a consent by statutory as a data subject. The personally identifiable information (“PII”) of himself used to be provided as a part of service – data rental of B2B contacts. Typical examples of such registers in Slovakia are finstat.sk, otvorenesudy.sk, public.digital, ekosystem.slovakia.digital, data.gov.sk, bisnode.sk or cribis.sk.