UK – The Information Commissioner’s Office (ICO) has launched new guidance on how to handle special category data under the General Data Protection Regulation (GDPR).
Under GDPR, organisations must take extra steps to protect sensitive types of personal information that, if misused, could infringe on an individual’s rights and freedoms.
Special category data includes information about someone’s health, sex life or orientation, racial or ethnic origin, political views, religious or philosophical beliefs and trade union membership, as well as biometric and genetic data.
Organisations processing special category data need an Article 9 condition for doing so, and may also need an ‘appropriate policy document’ outlining their compliance measures and retention policies.
In a blog post, Ian Hulme, director for regulatory assurance at the ICO, said: “Special category data is the most sensitive personal data a controller can process. The misuse of this data is likely to interfere with an individual’s fundamental rights and freedoms and could cause real harm and damage.
“Due to the possible risks, the ICO expects controllers to take all necessary precautions to protect this data.”
The guidance is available on the ICO website.