Confidentiality Obligation

Definition

A legal or contractual duty to maintain information in confidence and not disclose it to unauthorized parties. In privacy contexts, confidentiality obligations apply to anyone processing personal data on behalf of a controller, including employees, contractors, and service providers. GDPR Article 28 requires that processor contracts include confidentiality commitments. Confidentiality obligations typically survive contract termination and continue as long as the information remains confidential. The obligation includes protecting information from unauthorized access, use, disclosure, or destruction. Breaches of confidentiality can result in contractual liability, employment consequences, professional sanctions, and in some cases criminal penalties. Organizations should ensure all personnel with access to personal data are subject to confidentiality obligations through employment contracts, non-disclosure agreements, or professional codes of conduct. Note that confidentiality doesn't mean data can never be disclosed—lawful disclosures (like regulatory compliance) are permitted.

Applicable Laws & Regulations

  1. GDPR Article 28(3)(b) - Confidentiality obligation in processor contracts
  2. GDPR Article 32(4) - Steps to ensure confidentiality
  3. Trade secret laws - Confidentiality requirements
