Javascript is required
logo-dastralogo-dastra

GDPR Data processing modelMonitoring the internal activity of the legal department and the legal proceedings conducted against it

Legal ServicesPrivate
Processing of litigation and internal legal activity data related to legal proceedings involving the legal department of a financial institution, including case tracking, decisions, and actions taken.

Purposes (1)

A purpose is the objective pursued by the setting up of your file. It indicates what the processing of personal data will be used for, its purpose. This purpose must be clear and understandable

1
Manage and monitor the internal activities of the Legal Department
Legitimate interest
Art. 6(1)(f) – Legitimate interest (legal defence and risk mitigation) + Art. 9(2)(f) – Legal claims + Art. 10 – Criminal offence data processed under legal basis for legal claims (Schedule 1, Part 3 of DPA 2018)

Data categories (1)

Personal data is any information relating to an identified or identifiable natural person. A natural person can be identified either directly (eg surname and first name) or indirectly (eg phone number, social security number, email or postal address, but also voice or image)

Litigation data

Data details

Commentsrequired
Court rulingrequiredsensitive data
Action taken by customer or bankrequiredsensitive data
Object of challengerequired
Offences, convictions and security measures

Definition

Insofar as their recording is strictly necessary for the follow-up of the measure pronounced against the minor or young person. This category of data may only be collected and processed by legal entities managing a public service and acting within the scope of their legal powers

requiredsensitive data
Name and surnamerequired

Data conservation rules

Active base:

5 years after exhaustion of legal remedies

Aligned with ICO best practice and Law Society retention standards. ICO recommends data minimisation and justifiable retention: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/retention-and-disposal/

Intermediate archiving:

Optional archive based on ongoing risk

Destruction

Data subject (2)

A data subject is any person whose data is collected, retained or processed by the data processing. e.g. In a recruitement process, any candidate for a position proposed in recruitement management process

  • Criminals
  • Customers
Created at:07/08/2023
Updated on:07/07/2025
License: © Creative commons :
Attribution / Pas d'utilisation commerciale
CC-BY-NC AttributionPas d'utilisation commerciale
Nb using:4

Access the full processing template

Try Dastra now to access all of our data processing templates that you can customize for your organization.It's free and there's no obligation for the first 30 days (no credit card required)

Add to my data processings record
Subscribe to our newsletter

We'll send you occasional emails to keep you informed about our latest news and updates to our solution

* You can unsubscribe at any time using the link provided in each newsletter.