🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays
Call us on +(33)4 28 70 91 81
Log in

Article 10 of the GDPR: Processing of personal data relating to criminal convictions and offenses

Home GDPR articles decrypted Article 10 of the GDPR: Processing of personal data relating to criminal convictions and offenses
L’Article 10 of the GDPR supervises the treatment of data relating to offenses, criminal convictions and security measures. This data, considered particularly sensitive, can only be processed under very strict conditions.

Article 10 of the GDPR explained

The processing of this data is only permitted if:

  • It is carried out under control of public authority ;
  • Or if he is expressly authorized by Union or Member State law, subject to appropriate guarantees for the rights and freedoms of the persons concerned.

Article 10 applies in particular to processing concerning criminal records, serious administrative sanctions or data from criminal records.

Why is this article important for your GDPR compliance?

This data type presents a increased risk for fundamental rights people. Article 10 therefore imposes a reinforced protection, and strictly limits the cases where this data can be processed, particularly in a professional context (recruitment, integrity check, etc.).

How to comply with Article 10 of the GDPR?

  • Evaluate whether your processing involves data relating to criminal offenses or convictions.
  • Make sure these treatments are authorized by an explicit legal provision.
  • Verify that the processing is carried out under the control of a public authority, or with appropriate guarantees (e.g. restricted access, clear legal framework).
  • Keep this data only for a strictly necessary period and plan for its secure deletion.

Examples of application of Article 10 of the GDPR

  • A private security company can request a criminal record extract only if this is provided for by national law.
  • A public body which investigates administrative sanctions must strictly regulate access and use of this data.
  • A recruiter cannot demand criminal information without an explicit legal basis justified by the nature of the position.

Related Resources

Accelerate your compliance in just a few clicks

  • Automate your compliance with our GDPR software
  • Supported or outsourced by our DPO experts
  • Raise awareness among your teams with our GDPR training e-learning

👉 Request a demo with an expert

⚡ Assess your situation in 15 minutes with our free, no-obligation GDPR self-diagnosis:

👉 GDPR: Self-assess now

Other articles
on the same subject