To process personal data, the Trust must have lawful grounds for processing as provided for in the UK GDPR.
The day-to-day processing of personal data relating to health care does not rely on consent. The most commonly used lawful grounds for processing in a health care setting are as follows:
- Vital Interests – example / more info
- Public Task in the Public Interest – example explained below
As health care data is categorised as “special category”, another basis is required for the lawful processing of this data.
Those most commonly used in health care settings are:
- Vital Interests
- Public Interest
- Health
- Public Health
See example below:
The processing for the Direct Care of Patients
The legal basis is:
Public task – the processing is necessary to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.
The Public Task Function is outlined in the Health & Social Care (Reform) Act (NI) 2009
The provision of health or social care or treatment or the management of health or social care systems and services.
- The service meets the associated condition in UK law, set out in Part 1 of Schedule 1 of the DPA 2018 for Health or social care purposes:
- 2(1) This condition is met as the processing is necessary for health or social care purposes.
The Trust may on occasion rely on Legitimate Interests as a lawful basis for processing when not performing ‘core tasks’. When it does this, it will undertake a legitimate interest test.