Implementing Regulation of PDPL Article 31 says that controllers are restricted from photographing or copying official documents (like IDs or passports) issued by public authorities that identify individuals, unless explicitly required by law or upon request from a competent public authority. If such documents are collected, they must be protected and destroyed once no longer needed—unless a legal obligation requires retention.
Don’t capture or store ID documents unless legally required. Secure them if collected. Destroy when no longer needed.
Implementing Regulation of PDPL Article 31
Refrain from Copying
Without prejudice to the relevant laws, the Controller shall refrain from photographing or copying official documents – issued by Public Entities – where Data Subjects are identifiable, except upon request from a public Competent Authority or when required by Law. The Controller shall provide the necessary protection for such documents and destroy them once the purpose for which they were obtained has ended unless there is a legal requirement to keep them.
Explanation of Implementing Regulation of PDPL Article 31
Restrict ID handling:
Implementing Regulation of PDPL Article 31 says that, controllers must not photograph or copy official ID documents unless it’s required by law or requested by a public competent authority.
Exceptions apply:
Implementing Regulation of PDPL Article 31 also says that, if a legal basis or a public authority request exists, capturing or copying the documents is permitted.
Secure then dispose
Implementing Regulation of PDPL Article 31 also says that, if ID documents are collected, the Controller must ensure they are protected and securely destroyed when the purpose is fulfilled—unless law requires them to be retained.
