CIPP/E Study Guide
IAPP Training · Module 5 - BoK II.C

Module 5 · Restriction of processing (Article 18)

Restriction of processing (Article 18) means marking stored personal data to limit future processing - a kind of legal hold. Per Article 4(3), the data is kept but not processed, which distinguishes it from erasure. Triggers include a contested accuracy claim, unlawful processing where the data subject prefers restriction to erasure, a need to retain the data for the data subject's legal claims, or a pending objection. Once restricted, further processing needs new consent or a narrow ground, and the controller must inform the data subject before lifting the restriction.

Restriction of processing is defined in Article 4(3) as marking stored personal data to limit future processing - a legal hold / suspension. Unlike erasure, the data is kept but not otherwise used. The triggers are:

  1. The data subject contests accuracy (pending verification).
  2. Processing is unlawful but the data subject prefers restriction to erasure.
  3. The controller no longer needs the data but the data subject needs it for legal claims.
  4. The data subject has objected, pending verification of overriding grounds.

Methods (an open-ended list) include making data temporarily unavailable, noting the restriction in the system, moving data to a separate system, or using it only under narrow conditions. Once restricted, further processing is allowed only with new consent, for legal claims, to protect another's rights, or for important public interest. The controller must inform the data subject before lifting a restriction.

Erasure vs restriction

Erasure deletes the data. Restriction keeps the data but suspends its use. Don't confuse the two.

Key terms - quick answers

What is “Restriction of processing”?
Article 18: marking stored personal data so it is kept but its future processing is limited - like a legal hold.

What is “Legal hold”?
A suspension of normal use where data is stored but not otherwise processed.