This guidance discusses special category data in detail. Read it if you have detailed questions not answered in the Guide, or if you need a deeper understanding of the conditions for processing special category data to help you comply in practice. It is aimed at DPOs and those with specific data protection responsibilities in larger organisations.
If you haven’t yet read the 'in brief’ page on special category data in the Guide to Data Protection, you should read that first. It introduces the topic and sets out the key points you need to know, along with practical checklists to help you comply.
What is special category data?
- What are the ‘special categories of personal data’?
- Why is this data special?
- What is genetic data?
- What is biometric data?
- What is health data?
- What about criminal offence data?
- What about inferences and educated guesses?
What are the rules on special category data?
- What does the UK GDPR say?
- What does the DPA 2018 say?
- What is the combined effect of these rules?
- How do the conditions work?
- What does ‘necessary’ mean?
- How does this affect our lawful basis?
- Do we need to do a DPIA?
- What else do we need to do?
What are the conditions for processing?
- (a) Explicit consent
- (b) Employment, social security and social protection law
- (c) Vital interests
- (d) Not-for-profit bodies
- (e) Made public by the data subject
- (f) Legal claims and judicial acts
- (g) Substantial public interest
- (h) Health or social care
- (i) Public health
- (j) Archiving, research and statistics