> -----Original Message-----
> From: This list is for those interested in Data Protection issues [mailto:data-
> [log in to unmask]] On Behalf Of Chris Pounder
> Sent: 02 April 2015 15:16
> To: [log in to unmask]
> Subject: Sched 2/3 combinations: Conditions for Processing Sensitive
> Personal Data
>
> If you use data subject consent, you are more or less admitting that the
> processing is not “necessary” for your functions.
Aha. You're quoting *my* privacy course there ;-)
> If the processing “necessary” for your functions you don’t need to rely on
> consent.
>
> In fact, the Regulation is likely to limit the choice for public bodies to be
> necessary for your functions or legal obligation (equivalent of para 5 or 3 of
> sched 2; para 7 sched 3)
Something that's puzzled me for a while... Is it defined anywhere how wide "public body" goes? If it's as wide as, e.g. FoIA, I can think of a lot of organisations within scope whose detailed processing activities aren't laid down in law. Or is the "necessary for public function" wide enough to catch those, do you think (and, if so, why the need for legal obligation at all?) ?
Cheers
Andrew
> C
>
>
>
> That’s what we tell our BCS DP delegates (reminder to those who are
> revising!); places available on next DP courses in Leeds and London (end of
> April) – that’s the advert!
>
>
>
> If someone says “I hope Barnsley get promoted to the Championship”, then I
> might give them a deal? – that’s a bribe
>
>
>
>
>
>
>
> From: This list is for those interested in Data Protection issues [mailto:data-
> [log in to unmask]] On Behalf Of Amy Jaines
> Sent: 02 April 2015 14:08
> To: [log in to unmask]
> Subject: [data-protection] Conditions for Processing Sensitive Personal Data
>
>
>
> Afternoon All,
>
>
>
> I wonder if the list may be able to settle a disagreement for me in relation to
> the conditions for processing sensitive personal data by advising which of the
> following positions you consider to be correct.
>
>
>
> 1. When seeking to process sensitive personal data a data controller must
> be able to satisfy at least one condition from both schedule 2 and schedule 3
> (as we all know) and these conditions may be the same condition from both
> schedules for example if an individual provides their explicit consent for the
> processing of their sensitive personal data then that satisfies both condition 1
> from schedule 2 and condition 1 from schedule 3 so there is no requirement
> to look to satisfy any other conditions for processing.
>
>
>
> 2. When seeking to process sensitive personal data a data controller must
> be able to satisfy at least one condition from both schedule 2 and schedule 3
> but they must be different. Referring back to the example above, if the data
> controller were to rely on explicit consent as their condition for processing
> from Schedule 3, they would have to then look to satisfy another condition
> from schedule 2 such as statutory power, duty or legitimate interest
>
>
>
> Looking forward to receiving your views on this matter.
>
>
>
> Kind regards and best wishes,
>
>
>
> Amy Jaines
>
>
>
> ________________________________
>
> ----------------------------------------- Note: We are a Microsoft Office site. Our
> base version is 2010. Please make sure that files you send can be read in this
> format. Any form of reproduction, dissemination, copying, disclosure,
> modification, distribution and/or publication of this e-mail is strictly
> prohibited save unless expressly authorised by the sender. The information
> contained in this message is intended for the named recipients only. It may
> contain privileged and confidential information and if you are not the
> addressee or the person responsible for delivering this to the addressee, you
> may not copy, distribute or take action in reliance on it. If you have received
> this message in error, please notify the sender(s) immediately by telephone.
> Please also destroy and delete as soon as possible the message from your
> computer.
> **********************************************************
> ***********************
> **********************************************************
> ***********************
>
> ________________________________
>
> All archives of messages are stored permanently and are available to the
> world wide web community at large at http://www.jiscmail.ac.uk/lists/data-
> protection.html
>
> Selected commands (the command has been filled in below in the body of
> the email if you are receiving emails in HTML format):
>
> * Leaving this list: send leave data-protection to
> [log in to unmask]
> <mailto:[log in to unmask]&BODY=LEAVE%20data-protection>
> * Suspending emails from all JISCMail lists: send SET * NOMAIL to
> [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET%20*%20NOMAIL>
> * To receive emails from this list in text format: send SET data-
> protection NOHTML to [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET%20data-protection%20NOHTML>
> * To receive emails from this list in HTML format: send SET data-
> protection HTML to [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET%20data-protection%20HTML>
>
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body
> of an otherwise blank email to [log in to unmask]
> <mailto:[log in to unmask]>
>
> Any queries about sending or receiving messages please send to the list
> owner [log in to unmask] <mailto:data-protection-
> [log in to unmask]>
>
> (Please send all commands to [log in to unmask]
> <mailto:[log in to unmask]> not the list or the moderators, and all
> requests for technical help to [log in to unmask]
> <mailto:[log in to unmask]> , the general office helpline)
>
> ________________________________
>
> ________________________________
>
> All archives of messages are stored permanently and are available to the
> world wide web community at large at http://www.jiscmail.ac.uk/lists/data-
> protection.html
>
> Selected commands (the command has been filled in below in the body of
> the email if you are receiving emails in HTML format):
>
> * Leaving this list: send leave data-protection to
> [log in to unmask] <mailto:[log in to unmask]&BODY=LEAVE data-
> protection>
> * Suspending emails from all JISCMail lists: send SET * NOMAIL to
> [log in to unmask] <mailto:[log in to unmask]&BODY=SET *
> NOMAIL>
> * To receive emails from this list in text format: send SET data-
> protection NOHTML to [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET data-protection NOHTML>
> * To receive emails from this list in HTML format: send SET data-
> protection HTML to [log in to unmask]
> <mailto:[log in to unmask]&BODY=SET data-protection HTML>
>
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body
> of an otherwise blank email to [log in to unmask]
> <mailto:[log in to unmask]>
>
> Any queries about sending or receiving messages please send to the list
> owner [log in to unmask] <mailto:data-protection-
> [log in to unmask]>
>
> (Please send all commands to [log in to unmask]
> <mailto:[log in to unmask]> not the list or the moderators, and all
> requests for technical help to [log in to unmask]
> <mailto:[log in to unmask]> , the general office helpline)
>
> ________________________________
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
