Safeguards policy

Sensitive processing

Section 35 DPA 2018 states that, in order to comply with the first data protection principle (processing must be lawful and fair), where the processing for the law enforcement purposes includes sensitive processing, the processing will be permitted if the requirements of section 35(4) are complied with.

Sensitive processing is defined at section 35(8) DPA 2018 as the processing of:

  • personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership
  • genetic data, or of biometric data, for the purpose of uniquely identifying an individual
  • data concerning health
  • concerning an individual's sex life or sexual orientation

Section 35(4) and (5) states that sensitive processing for law enforcement purposes can only be undertaken:

  • where the data subject has given consent to the processing or
  • the processing is strictly necessary for law enforcement purposes

In respect of both bullet points above, we have an appropriate policy document under section 42 DPA 2018 in place.