When it necessary and defendable data can be collected and used. Explicitly kinds of data and organisations are mentioned that can store more data than most others. Healthcare and political parties are examples special catagories. Clause 53 deals with health and care
Gerard https://www.gdpr.associates/download-gdpr-text-23-languages/ Special categories of personal data which merit higher protection should be processed for health-related purposes only where necessary to achieve those purposes for the benefit of natural persons and society as a whole, in particular in the context of the management of health or social care services and systems, including processing by the management and central national health authorities of such data for the purpose of quality control, management information and the general national and local supervision of the health or social care system, and ensuring continuity of health or social care and cross-border healthcare or health security, monitoring and alert purposes, or for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, based on Union or Member State law which has to meet an objective of public interest, as well as for studies conducted in the public interest in the area of public health. Therefore, this Regulation should provide for harmonised conditions for the processing of special categories of personal data concerning health, in respect of specific needs, in particular where the processing of such data is carried out for certain health-related purposes by persons subject to a legal obligation of professional secrecy. Union or Member State law should provide for specific and suitable measures so as to protect the fundamental rights and the personal data of natural persons. Member States should be allowed to maintain or introduce further conditions, including limitations, with regard to the processing of genetic data, biometric data or data concerning health. However, this should not hamper the free flow of personal data within the Union when those conditions apply to cross-border processing of such data. Gerard Freriks +31 620347088 gf...@luna.nl Kattensingel 20 2801 CA Gouda the Netherlands > On 27 Jun 2018, at 12:36, Karsten Hilbert <karsten.hilb...@gmx.net> wrote: > > On Wed, Jun 27, 2018 at 12:28:30PM +0200, Diego Boscá wrote: > >> Technically it's ok if patients/citizens are aware of it (and willing to >> share it) > > No, because the basic rule is that > > everything is forbidden > > except where > > explicitely allowed > > PLUS > > it can only be allowed if *necessary* for > a given purpose, > > which, by definition, it is not: > >>>> [...] it is not possible to know which information is >>>> relevant, and that all information is better recorded just in case > > That is, at any rate, the current interpretation I am aware > of here in Germany. > > > Of course, this whole situation attests to the cluelessness > of people designing GDPR. > > "Just in case" is simply not possible. > > But better to let this rest. > > Karsten Hilbert > -- > GPG 40BE 5B0E C98E 1713 AFA6 5BC0 3BEA AC80 7D4F C89B
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ openEHR-clinical mailing list openEHR-clinical@lists.openehr.org http://lists.openehr.org/mailman/listinfo/openehr-clinical_lists.openehr.org