What this implies for data processing according to the General Data Protection Regulation (GDPR)?

A controller discovers that a data subject, who had given consent for the processing of his data, has passed away.

What this implies for data processing according to the General Data Protection Regulation (GDPR)?
A . With the death of the data owner, the controller can continue processing the data, as they are no longer under the GDP
C . The data can only be processed by the controller respecting the consent provided by the holder.
D . The controller must delete the data of the holder, since with the death of the holder the consent is automatically revoked.
E . The controller can process the data of a deceased person as long as it anonymizes the data.

View Answer

Answer: A

Explanation:

With the death of the data subject, the controller can process the data in any way he wishes, since personal data of deceased persons is not within the scope of the GDPR.

Recital 27 says: This Regulation does not apply to the personal data of deceased persons. Member States may provide for rules regarding the processing of personal data of deceased persons.