Back

Order the cessation of data processing when a violation of the privacy policy is detected.


CONTROL ID
00475
CONTROL TYPE
Data and Information Management
CLASSIFICATION
Corrective

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Develop remedies and sanctions for privacy policy violations., CC ID: 00474

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • The competent Minister may recommend that a business operator that handles personal information cease violating the provisions of Articles 16 to 18, Articles 20 to 27, or Article 30(2) or take other measures to correct the violation when the competent Minister determines it is necessary to protect t… (Art 34(1), Japan Act on the Protection of Personal Information Protection (Law No. 57 of 2003))
  • If the Office for Personal Data Protection finds that a data controller who has a registered notification has breached the conditions of this Act, the Office will decide if the registration will be revoked. If the registered processing purpose no longer exists, the Office will decide on whether to r… (Art 17a, Czech Republic Personal Data Protection Act, April 4, 2000)
  • The Commission Nationale has the right to arrange for the correction, deletion, or blockage of the processing of data that does not comply with this Law. (Art 29(5), Law of 2 August 2002 on the Protection of Persons with Regard to the Processing of Personal Data)
  • The Data Protection Commissioner must order a data controller to stop data processing when he/she observes any unlawful processing of data. Measures must be taken immediately, and the data controller must notify the Data Protection Commissioner of the incident in writing within 30 days. If the unlaw… (Art 25(2), Art 25(4), Hungary Protection of Personal Data and Disclosure of Data of Public Interest)
  • The Data Protection Authority can order data processing to be ceased. The factors listed in Article 35 paragraph 2 will be considered by the Data Protection Authority when deciding what measures are to be taken. The Data Protection Authority can assign the task of halting temporarily the operations … (Art 40, Iceland Protection of Privacy as regards the Processing of Personal Data)
  • After the preparatory phase is concluded and the claim is not found to be manifestly groundless and the prerequisites for a decision are fulfilled, the Guarantee may call for the data controller to block the processing before ordering measures in Section 143.1(b) to be implemented or prohibiting or … (§ 143, § 144, § 150.1, Italy Personal Data Protection Code)
  • Before processing data on behalf of the public administration or a private controller, the data controller or his/her representative must notify the Data Protection Agency. Before processing data on behalf of the courts, the data controller or his/her representative must notify the Danish Court Admi… (§ 45(1), § 50(1), § 52, Denmark, The Act on Processing of Personal Data)
  • If personal data is canceled, the data must be blocked, maintained solely by public administrations, judges, and courts to determine any liability resulting from the processing, and held for the duration of the liability. Once the liability expires, the personal data must be deleted. (Art 16.3, ORGANIC LAW 15/1999 of 13 December on the Protection of Personal Data)
  • The Data Protection Commission can prohibit all further uses of data entirely or in part in cases of imminent danger. (§ 31(3), Austria Data Protection Act)
  • The Commissioner may recommend the responsible Federal authority either modify or cease data processing, if an investigation reveals data protection provisions have been infringed. The relevant department or Federal Chancellery must be informed of the Commissioner's recommendation. (Art 27.4, Art 29.3, Switzerland Federal Act of 19 June 1992 on Data Protection (FADP))
  • Secondly, individuals can also bring a complaint directly to the independent dispute resolution body (either in the United States or in the Union) designated by an organisation to investigate and resolve individual complaints (unless they are obviously unfounded or frivolous) and to provide appropri… (2.4 (70), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • The State Commission for Access to Public Information must respond to requests and complaints and take measures for processing in accordance with this law. The Commission may order the cessation of processing and may cancel non-conforming files and impose appropriate fines. (Art 16.III, Colima Personal Data Protection Law (Decree No. 356))
  • The general director of the Institute for Access to Public Information may order the blocking of personal data in a file or data bank that is grounds for an appeal. The blocking of the information will remain in effect until the issue is resolved. (Art 28, Guanajuato Personal Data Protection Law)
  • When personal data is used or transferred that jeopardizes or seriously prevents an individual from exercising his/her rights, the Institute may require the controller of the personal data system to stop using or transferring the data. If this is ignored, in a reasoned matter, the Institute may bloc… (Art 17, The Personal Data Protection Law for the Federal District (Mexico City))
  • To transfer personal data to a third party acting as an agent, organizations must: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (iii) take reasonab… (§ II.3.b., EU-U.S. Privacy Shield Framework Principles)
  • A competent judge will be entitled to order the blocking of the file when there is evidence that the personal data causing the legal action is false, discriminatory, or inaccurate. (§ 38.4, Argentina Personal Data Protection Act)