Textseite
Special categories
Abschlussbedingungen
Art. 9 GDPR - Processing of special categories of personal data
- Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.
- [...}
What does that mean?
Article 9 lists a number of data types that are subject to special protection. Processing such data is possible under certain conditions, but requires a particularly high level of protection.
The GDPR describes the conditions under which the processing of such data is permitted (see Article 9 (2)):
- The data subject has expressly consented to the processing.
- The processing is necessary due to obligations under labour or social law.
- Processing is necessary to protect vital interests and the data subject is physically or legally incapable of giving consent.
- The processing relates to data that the data subject has obviously made public.
- Processing is necessary for the establishment, exercise or defence of legal claims.
- Processing is necessary for the purposes of preventive health care, occupational medicine, medical diagnosis, health care or social treatment.
- Processing is necessary for reasons of public interest.
Risk assessment
The processing of personal data also involves a risk assessment. There is information that is considered less risky and information that is particularly worthy of protection. For example, children deserve special protection according to the GDPR, "as children may be less aware of the relevant risks, consequences and safeguards and of their rights in relation to the processing of personal data" (see Recital 38, GDPR).
Note: Extreme caution is required when processing special categories of personal data. The processing of this data should only be carried out under appropriate security measures. In this case, it is strongly recommended to document all processes and measures that have been introduced to protect the data.
GDPRism ist ein Projekt der Organisationen Medienkompetenz Team e.V. und Educommart und wurde kofinanziert durch das ERASMUS+ Programm der Europäischen Union.
Von der Europäischen Union finanziert. Die geäußerten Ansichten und Meinungen entsprechen jedoch ausschließlich denen des Autors bzw. der Autoren und spiegeln nicht zwingend die der Europäischen Union oder der Europäischen Exekutivagentur für Bildung und Kultur (EACEA) wider. Weder die Europäische Union noch die EACEA können dafür verantwortlich gemacht werden
