Data Protection Policy
12. Processing sensitive personal data
12. Processing sensitive personal data
12.1 On some occasions we may collect information about individuals that is defined by the GDPR as special categories of personal data, and special rules will apply to the processing of this data. In this policy we refer to “special categories of personal data” as “sensitive personal data”. The categories of sensitive personal data are set out in the definition in Section 3.9.
12.1 On some occasions we may collect information about individuals that is defined by the GDPR as special categories of personal data, and special rules will apply to the processing of this data. In this policy we refer to “special categories of personal data” as “sensitive personal data”. The categories of sensitive personal data are set out in the definition in Section 3.9.
12.2 Purely financial information is not technically defined as sensitive personal data by the GDPR. However, particular care should be taken when processing such data, as the ICO will treat a breach relating to financial data very seriously.
12.2 Purely financial information is not technically defined as sensitive personal data by the GDPR. However, particular care should be taken when processing such data, as the ICO will treat a breach relating to financial data very seriously.
12.3 In most cases, in order to process sensitive personal data, we must obtain explicit consent from the individuals involved. As with any other type of information we will also have to be absolutely clear with people about how we are going to use their information.
12.3 In most cases, in order to process sensitive personal data, we must obtain explicit consent from the individuals involved. As with any other type of information we will also have to be absolutely clear with people about how we are going to use their information.
12.4 It is not always necessary to obtain explicit consent. There are a limited number of other circumstances in which the GDPR permits organisations to process sensitive personal data. If you are concerned that you are processing sensitive personal data and are not able to obtain explicit consent for the processing, please contact the IAP Secretary
12.4 It is not always necessary to obtain explicit consent. There are a limited number of other circumstances in which the GDPR permits organisations to process sensitive personal data. If you are concerned that you are processing sensitive personal data and are not able to obtain explicit consent for the processing, please contact the IAP Secretary
Click on the links below for other sections of the IAP Data Protection Policy:
Click on the links below for other sections of the IAP Data Protection Policy:
3. Definitions of data protection terms
5. Processing data fairly and lawfully
6. Processing data for the original purpose
7. Personal data should be adequate and accurate
8. Not retaining data longer than necessary
9. Rights of individuals under the GDPR
11. Transferring Data Outside the EEA