The ICO has published a new post written by Ian Hulme, Director of Regulatory Assurance to launch their new updated guidance on special category data under the GDPR.
Hulme stresses that the consequences of sharing personal data by mistake can be extremely damaging.
The General Data Protection Regulation (GDPR) recognises that certain types of personal data are extremely sensitive and thus data controllers must give it extra protection.
These certain types of personal data are known as special category data and includes information concerning a person’s health; sex life or sexual orientation; political opinions; racial or ethnic origin; religious or philosophical beliefs; and membership to a trade union.
The special category data under GDPR is similar to that of the sensitive personal data under the Data Protection Act 1998 – however the special category data also relates to genetics and biometric identification data.
“Special category data is the most sensitive personal data a controller can process. The misuse of this data is likely to interfere with an individual’s fundamental rights and freedoms and could cause real harm and damage,” explains Hulme.
The ICO expects controllers to take all necessary precautions to protect this data due to the possible risks. Subsequently a new guidance has been published to help controllers to do so.
The new guidance states that organisations must have a GDPR lawful basis to process data under Article 6, however when processing special category data, organisations need an Article 9 condition for processing and potentially an association DPA 2018 Schedule 1 condition.
“Many of the DPA 2018 conditions require you to have an appropriate policy document in place. This is a short document that should outline your compliance measures and retention policies with respect to the data you are processing.
“We have a template appropriate policy document in our guidance to help organisations
“There is more to do when processing special category data, but the provisions are in place to help you protect the data of those whose information you hold, and increase their confidence in you. It’s worth taking the time to get it right.”
The post #Privacy: Why special category personal data needs to be handled even more carefully appeared first on PrivSec Report.