Sensitive processing and relevant Schedule 8 conditions
We carry out sensitive processing of all categories of data defined in Part 3, section 35(8) except for the processing of genetic data, or of biometric data, for the purpose of uniquely identifying an individual.
We shall carry out sensitive processing under Section 35(3) of the DPA 2018 only in reliance on the consent of the data subject or where it is strictly necessary for the law enforcement purposes and it meets one of the conditions set out in Schedule 8 of the DPA 2018.
We carry out sensitive processing, for which an APD is required, under the following Schedule 8 conditions:
Schedule 8(1) – statutory purposes
For example:
- where we have a legal obligation to investigate and prosecute criminal offences.
- where it is in the substantial public interest for us to investigate and prosecute a criminal offence
Schedule 8(2) – administration of justice
For example:
- to ensure the appropriate enforcement of breaches of the laws and statutes that the we are responsible for implementing
Schedule 8(6) – legal claims
For example:
- for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings) that we are engaged in
- to obtain legal advice
- for establishing, exercising and defending legal rights
Schedule 8(8) – preventing fraud
For example:
- disclosures of personal data to an anti-fraud organisation, such as the through the National Fraud Initiative