A partition case file is, by nature, dense in personal data: identification of the parties, family relationships, photographs of assets in private homes, economic valuations and, sometimes, sensitive data on health or beliefs when an asset has that nature (books, medical devices, religious objects). The GDPR requires all of this to be handled within a clear framework.
Legal basis for processing
The usual legal basis is not consent (which would be revocable and ill-suited to a contentious procedure), but compliance with a legal obligation or the legitimate interest of the controller, linked to the legal function being performed. In court proceedings, the performance of a task carried out in the public interest also applies.
Minimisation: only what is necessary
Minimisation is the most useful operating principle. Every data item in the file should be justifiable with the question 'is this strictly necessary for the partition?'. If a field adds no evidentiary or management value, it should not be collected. The same applies to photographs: focus on the asset, not the surrounding home.
Roles: controller and processor
The professional firm or judicial body conducting the partition is the data controller. The technological platform that hosts the data acts as a processor and must sign the data processing agreement (Article 28) governing instructions, sub-processors, security measures and the return or deletion of data at the end of the engagement.
Retention and deletion
- Retention during the procedure and the appeal or enforcement periods established by the applicable law.
- Blocking and historical archive for residual evidentiary purposes (typically tied to civil limitation rules).
- Effective deletion at the end of the retention period, with a record of the deletion operation.