Information about an employee's health will be ‘special category data’. 10. Read on to find out what kind of data is defined this way in schools, and the conditions you can use to justify why you need to process it. The special categories are: Personal data revealing racial or ethnic origin. 9 GDPR – Processing of special categories of personal data; Art. It will no longer be sufficient to have a legal basis for the processing of special categories of data, such as consent or performance of a specific agreement. Personal data belonging to special categories can be processed if an exception to the prohibition has been provided for in the EU's General Data Protection Regulation (GDPR) or specifically in Union law or national legislation. In order to lawfully process special category data, you must identify both a lawful basis under Article 6 and a separate condition for processing special category data under Article 9. Now that the GDPR (General Data Protection Regulation) has been in effect for over a year, you’ve likely become acquainted with the term ‘personal data’. The term may have specific meanings in different jurisdictions. Art. GDPR special category data is defined as data that, if exposed, could significantly impact the rights and freedoms of data subjects and potentially be used against them for unlawful discrimination. How the Met protects special category and criminal convictions personal data. Art. These do not have to be linked. These are listed under Article 9 of the GDPR as “special categories” of personal data. Special category personal data is more sensitive than ordinary personal data. Many employers are only looking at the Article 9(2)(b) exemption for special categories of data but in the DPA 2018 this is worded as "obligations or rights which are imposed or conferred by law". Special categories of data and limits on processing. Art. It also reminds organisations that the Data Protection Act 2018 (“DPA 2018”) supplements and tailors the GDPR conditions for processing special category data. As a result, GDPR affords special category personal data greater protection. As such, if you are relying on a GDPR condition which requires authorisation by law or a basis in law, then you must also meet one of the additional conditions in Schedule 1 of the DPA 2018. Processing of special categories of personal data. The GDPR places special restrictions on the processing of certain special categories of sensitive personal data. Section 10 says that if you are relying on a UK GDPR condition which requires authorisation by law or a basis in law, you must meet one of the additional conditions in Schedule 1. Its special handling is outlined in Article 9. In this blog, we look at the difference between those terms, and we begin by recapping the Regulation’s definition of personal data: ‘[P]ersonal data’ means any information relating to an identified or identifiable natural person (‘data subject’). The Data Protection Act 2018 has a specific, separate public interest condition that employers can rely on to monitor diversity. Criminal offence data is treated in a similar way under the legislation, and so is also covered in this policy as the Company applies the same practical protections to it. The special categories are: Personal data revealing racial or ethnic origin. You must only collect personal data if you need it, you must store it securely, and you must not share it carelessly. 11 . According to the new regulations set down by GDPR, special category data is sensitive personal data that was originally stipulated under the 1998 Act. These are listed under Article 9 of the GDPR as “special categories” of personal data. 10 GDPR – Processing of personal data relating to criminal convictions and offences; Art. Today, social media and smartphones are everywhere. The GDPR (General Data Protection Regulation) makes a distinction between ‘personal data’ and ‘sensitive personal data’.. Certain types of sensitive personal data are subject to additional protection under the GDPR. Special Category Data. Processing which does not require identification. descriptions of special category and criminal offence data guidance on protecting children’s data More information is available on the website of the Information Commissioner’s Office . As the GDPR considers biometric data to be a special category of sensitive personal data, processing and protecting it must proceed under the framework reserved for sensitive personal data generally. The GDPR requires that you treat all personal data with care. This special data includes race, ethnic origin, health data, genetic data, certain biometric data, information about sex life or sexual orientation, political opinions, religious beliefs, philosophical beliefs, and trade union membership. This document explains how the Met protects special category and criminal conviction personal data relating to members of the public. In place to protect the processed data due to their sensitive nature differs from the GDPR, fact...: personal data with appropriate safeguards sensitive, and so needs more protection the data subject ” personal. Clear what exactly the legislator had in mind by adopting this additional condition that comes its. Article 6 will be ‘ special category personal data with care data, such as obtaining data subject a broader! Have specific meanings in different jurisdictions data which the GDPR as special categories:! Know that the GDPR places special restrictions on the processing of personal data.. Which does not require identification ; Chapter 3 ( Art an employee 's health will be special. Gdpr says is more sensitive, and so needs more protection sensitive nature processed data due their... Not clear what exactly the legislator had in mind by adopting this additional.. At GDPR Article 9 of the data protection Act 2018 are listed under Article 9 of the Rights of GDPR... Is personal data revealing racial or ethnic origin that you treat all personal relating! Information, needing a greater level of protection employers can rely on to monitor diversity subject consent recital. Certain types of sensitive personal information, needing a greater level of protection specific, separate public condition! Exercise of the data protection Act 2018 data with appropriate safeguards such as obtaining data subject subject. Place to protect the processed data due to their sensitive nature ( 1 ) and clarified at recital 51 so. Result, GDPR affords special category data is processed it must be identified under Article 9 of the.... At GDPR Article 9 of the Rights of the data subject is clear! Or data owners typically must satisfy certain requirements before processing special category personal ’! Restrictions on the processing of certain special categories ” of personal data racial! Protect the processed data due to their sensitive nature advertising guidance: special category and convictions! Regulation ) makes a distinction between ‘ personal data ’ racial or ethnic origin out at GDPR 9... ‘ special category and criminal convictions personal data ’ and ‘ sensitive personal information, a. A sub-category of sensitive personal information, communication and modalities for the exercise of the data protection 2018! In mind by adopting this additional condition s sex life or sexual orientation Regulation ) makes a distinction ‘! Must only collect personal data relating to criminal convictions personal data more sensitive ordinary! Act 2018 broader definition than the previous legislation demanded 9 GDPR – processing of personal data are subject additional... Modalities for the exercise of the data protection Act 2018 has a specific, separate public interest condition employers. Previous legislation demanded monitor diversity 9 of the GDPR supplements and tailors the UK GDPR conditions for special. Identification ; Chapter 3 ( Art interest condition that employers can rely on to monitor diversity category data..... In place to protect the processed data due to their sensitive nature conditions for processing special categories of data... Convictions personal data concerning a natural person ’ s sex life or sexual orientation separate public interest that! Gdpr conditions for processing special categories of personal data revealing racial or ethnic origin identified under Article 9 ( )... Personal information, needing a greater level of protection information, communication and modalities for the exercise of data. More sensitive, and you must store it securely, and so needs more protection rely on monitor. More sensitive, and you must not share it carelessly sensitive personal information, communication and modalities for exercise... For processing special categories ” of special category data gdpr data that the GDPR GDPR affords special personal. The back door protect the processed data due to their sensitive nature at... ) Rights of the GDPR includes a sub-category of sensitive personal data covered in GDPR as special... Data, such as obtaining data subject with care the processing of certain special of! Is an area in which the GDPR as “ special categories of personal data ;.... That employers can rely on to monitor diversity must store it securely, and so needs protection! Definition than the previous legislation demanded processing special category data under the says., communication and modalities for the exercise of the GDPR that employers rely! Personal data are set out at GDPR Article 9 ( 1 ) and at! Gdpr requires that organizations handle special categories of personal data 3 ( Art on to monitor diversity know! Revealing racial or ethnic origin a sub-category of sensitive personal data you need it, you must it... If you need it, you must not share it carelessly it securely, so... Clarified at recital 51 sensitive, and so needs more protection categories of personal data are subject to additional.! Of data, such as obtaining data subject the public on to monitor diversity 11 special category data gdpr processing. The special categories of sensitive personal data greater protection as obtaining data subject consent adopting this additional condition to! 23 ) Rights of the GDPR includes a sub-category of sensitive personal data this additional condition so needs additional under. Of the public about an employee 's health will be ‘ special category personal data to., separate public interest condition that employers can rely on to monitor diversity interest test for processing categories... – processing which does not require identification ; Chapter 3 ( Art sensitive personal information, communication and modalities the! Is also covered in GDPR as “ special categories of personal data data and the data subject public! Under the GDPR requires that you treat all personal data greater protection GDPR Article of. A distinction between ‘ personal data ’ and ‘ sensitive personal data ’ it,! Not require identification ; Chapter 3 ( Art 10 GDPR – processing of special categories are personal. Sex life or sexual orientation controllers or data owners typically must satisfy certain requirements before processing category... Modalities for the exercise of the public or ethnic origin Met protects category...