GDPR – Is it special?

  • Home
  • GDPR – Is it special?
  • 08
    Nov 17

GDPR – Is it special?

Tags : 

Data StreamFor many organisations, keeping the personal data they handle safe, is nothing new, especially if they already have robust Data Protection Act 1998 procedures in place (you do already have that don’t you?). What is new is that the GDPR requires organisations to document data collection and processing policies and procedures before you go about doing it. Then, it must be possible to show on-going compliance with your own policies and procedures. Not forgetting to determine the lawful basis for doing it as well!

In an earlier article I looked at processing personal data, but what about the special categories of data – do they need to be handled any differently?

The special categories of personal data

The special categories of personal data are:

  • Racial or ethnic origin;
  • Political opinions;
  • Religious or philosophical beliefs;
  • Grade union membership;
  • Genetic data and biometric data for the purpose of uniquely identifying a natural person
  • Data concerning health;
  • Data concerning a natural person’s sex life or sexual orientation.

As with personal data you must consider the lawful basis for processing the special categories of personal data:

  • With the explicit consent of the data subject, unless reliance on consent is prohibited;
  • Necessary for the carrying out of obligations under employment, social security or social protection law, or a collective agreement;
  • Necessary to protect the vital interests of a data subject who is physically or legally incapable of giving consent;
  • Processing carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided the processing relates only to members or former members and provided there is no disclosure to a third party without consent;
  • Data manifestly made public by the data subject;
  • Necessary for the establishment, exercise or defence of legal claims;
  • Necessary for reasons of substantial public interest and has appropriate safeguarding measures;
  • Necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services;
  • Necessary for reasons of public interest in the area of public health;
  • Necessary for archiving in the public interest, or for scientific, historical or statistical research.

Data Protection Impact Assessments

However, the GDPR introduces a new requirement to carry out a data protection impact assessment (DPIA) when a type of processing is likely to result in a high risk to the rights and freedoms of data subjects. DPIAs are mandatory in the case of large-scale processing of special categories of data and you must consult your data protection officer (DPO), if appointed, when carrying out a DPIA. Where appropriate, you must also seek the views of data subjects or their representatives on the intended processing, without prejudice to the protection of commercial or public interests or the security of processing operations.

Anonymisation and Pseudonymisation

You can reduce the sensitivity of the personal data you are processing in a few ways:

  • The best solution is to use anonymous data. If the data have been correctly anonymised (meaning that the individuals cannot be identified any more), they no longer count as personal data and therefore the GDPR does not apply. Data used for academic research is always anonymised wherever possible, and this approach is also suitable for large scale data processing for marketing purposes. One of the methods that may be used is to combine data to form groups. If this method is chosen, the amount of data must be large enough to ensure each group always contains a reasonable number of individuals (a minimum of 50 people often applies). You need to be aware that the wider the variety of data you collect, the more likely it is that a person will be identifiable if the data is combined;
  • Another commonly used method is pseudonymisation. In this method, all the elements in a dataset that identify an individual are removed and replaced by a meaningless key. The file containing the keys is stored separately. Although such data still qualify as personal data, because they relate to an identifiable person, the risk that there will be an impact on any of the persons concerned is much lower. Pseudonymisation is therefore a good security measure for the special categories of personal data that have to be transferred, for example.

The GDPR is designed to protect personal data in order to protect privacy and individual’s rights. This does not include anonymous data, but all other information which may identify a data subject directly or indirectly, including pseudonymised personal data, is covered by the GDPR. You should consider whether even anonymous data can be used to identify an individual as the more data gets combined and aggregated, the more substantial the personal data becomes and the more difficult it becomes to de-identify and the higher the risks and responsibilities.

News Archive

More Information (PDF)

Smarter Technologies Ltd, Unit 1 Broadfield Industrial Estate, Seymour Street, Heywood, OL10 3AJ | Company No.: 07172781 | VAT No.: 794 7491 68

 Request a Quote

What our clients say:
Andrew JennerAndrew JennerRCD Leaflets
Please pass my thanks on to the team as the whole process from quote to install was unbelievably thorough, efficient and smooth.
Bill LeesBill LeesThe Housing Link (2003)
Smarter Technologies make so many complicated things sound clear and understandable in a way that I completely understand.
Andrew BeeputAndrew BeeputThe Bond Board
Smarter Technologies really understand the pressure charities are under and consider this when making recommendations. They saved us so much money – I can’t put a price on their help. It was invaluable.
Jim GowmanJim GowmanYMCA Black Country Group
I want to pass on the thanks received today from across all parts of the YMCABC teams about how robust the IT systems have been. We have had to get to grips with remote working and with this pandemic it has come into its own.
Maura JacksonMaura JacksonBackup North West
Smarter Technologies have looked after our IT for well over 10 years. They are fabulous, knowledgeable, hard working, thorough, reliable, good value for money and proactive.
Richard BoydRichard BoydRed Flame Marketing
I found the IT support for my small business to be excellent. Everything is clearly explained in non-technical language; prompt service and very affordable. Will be recommending Smarter Technologies to other businesses. (In fact, I already have!).
Graham EvansGraham EvansThe Housing Link (2003)
We have a tight budget and Smarter Technologies has enabled us to ‘work smarter’ and provide fast assistance to those who need it. It has played an integral role in the success of this charity.
Dave BagleyDave BagleyUrban Outreach (Bolton)
Thanks again for the swift response from Smarter Technologies to our IT needs recently. All is working perfectly.
Lynne SprigingsLynne SprigingsBolton Young Persons Housing Scheme
As a small charity it’s really important for us to have reliable and responsive IT support, which Smarter Technologies supplies.
David Lackner-SmithDavid Lackner-SmithThe Sanctuary Trust
It’s great being able to rely on such prompt service from Smarter Technologies, it really gives us peace of mind knowing that our IT support is provided by a team that will go the extra mile.
Jane HaywardJane HaywardYMCA Black Country Group
The service I have received has been excellent, from the initial meeting where the process was explained to managers, right down to coming out to go through SharePoint with me.
Nikki PriceNikki PriceInstil Bio (UK) Limited
Thank you very much for your help on a Saturday! I can’t tell you how very grateful we are to you for helping us out with this last minute request and doing it so promptly.
Sharon HamerSharon HamerThe Housing Link (2003)
Thank you for all your advice, help and support. I would not hesitate to recommend Smarter Technologies.
Jim GowmanJim GowmanYMCA Black Country Group
Just to say to the Smarter Technologies team, thanks for a very smooth transition into the 21st Century of IT with our upgraded equipment. All aspects of the installation have received positive feedback from day one.
Tracey PeaceTracey PeaceRamsbottom Kitchen Company
The Smarter Technologies team are like extended members of our staff and always go the extra mile. The team come in early and stay until they finish – they even lock up for us.
prevnext

© 2011-2024 Smarter Technologies Ltd  |  Privacy Statement

%d bloggers like this: