April 30, 2020

What does GDPR mean by Vital Interests?

Where you have concluded that the legal basis for processing the data of an individual is “vital interests” then you need to be very clear why this is so. 

To demonstrate this, you will need to have recorded why, in each instance, the “Vital Interest” approach is the appropriate one. In some instances, this can be done on a group of individuals (eg. Those at risk from a particular genetic disease).

Your records should show also how you have informing the individuals concerned that this is the approach you have adopted.

You should be aware, however, this this lawful basis is regarded as being limited in scope inasmuch as it covers life and death scenarios only:

  • Thus, the processing of medical details of an individual when they are unconscious and needing prompt medical attention will apply. 
  • The processing of the same medical data in preparation for a planned procedure booked in advance, will not be covered by this lawful basis.
  • Note also that where medical data is concerned, this is also a Special Category Data so the basis for processing such data also needs to be recorded and managed.

As this area is complex, it is recommended that specific guidance and training be given to staff to ensure they understand the restrictions here. 

This becomes the first step in the subsequent review of your existing scenarios to see if you have been processing this sort of data previously and if so, what changes to the approach need to be made going forwards.  Do not forget to alert the individual concerned to any changes or relevant decisions that might affect them, their data or how their data will be processed henceforth.

Secure Business Data

We are here to help you secure your business data using cutting edge technology.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram