ICO Publishes Detailed Guidance on Special Category Data

Together we are Forbes

Article

15 December, 2019

Daniel_Milnes
Daniel Milnes
Partner, Head of Governance, Procurement & Information

The ICO has now published detailed guidance on "Special Category Data" which provides further guidance to organisations about the use of, and safeguards to protect, special category data. A copy of this guidance can be found here - https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/special-category-data/.

The GDPR recognises that certain sensitive personal information should be treated with additional care. The GDPR states that special category data is information relating to:

  • health;
  • sex life or sexual orientation;
  • racial or ethnic origin;
  • political opinions;
  • genetic or biometric identification data;
  • religious or philosophical beliefs; or
  • membership of a trade union.

The GDPR also recognises that information relating to criminal offences or convictions should also be treated with additional care.

What Does the New Guidance Say?

The new guidance makes it clear that you must have a lawful basis to process special category data or information relating to criminal convictions or offences.

In order to lawfully process special category data you will need:

  • A lawful basis under Article 6 of the GDPR; and
  • A lawful basis under Article 9 of the GDPR; and
  • Depending on your Article 9 lawful basis, you may also need a condition under Schedule 1 of the Data Protection Act 2018; and
  • Depending on your Article 9 lawful basis, you may also need an 'appropriate policy document' which covers you use of special category data.

In order to lawfully process criminal data you will need:

  • A lawful basis under Article 6 of the GDPR; and
  • A lawful ground under Schedule 1 of the Data Protection Act 2018; and
  • An appropriate policy document.

Your appropriate policy document will need to outline the compliance measures you have in place to ensure special category data is processed lawful and details of the applicable retention periods which will apply to special category data.

Steps to Take

In light of this new guidance, you should review the special category data your organisation holds and look at your lawful basis' for processing that information. If an appropriate policy document is required then you will need to review your existing policies to conclude whether or not you need another policy to cover your use of special category data.

For more information contact Daniel Milnes in our Governance, Procurement & Information department via email or phone on 01254 222313. Alternatively send any question through to Forbes Solicitors via our online Contact Form.

Learn more about our Governance, Procurement & Information department here

Biometric Data in the Workplace

Article 8 Rights of Prisoners and their Children

Contact Us

Get in touch to see how our experts could help you.

Call0800 689 3206

CallRequest a call back

EmailSend us an email

Make an Enquiry

Contacting Us

Monday to Friday:
09:00 to 17:00

Saturday and Sunday:
Closed