Data Protection Act 2018 Live Online Learner Guide

Data Protection Act 2018 Training Course

Resource Section

Quick questions 3: Can you list two examples of when special categories of data may be processed without the consent of the data subject in order to prevent or detect an unlawful act?


• An insurance company suspects a fraudulent claim is being made. • A social welfare employee suspects an individual is claiming sickness benefit, when they are not in fact ill.

Do you think the controller must have an appropriate policy document in place before an unlawful act could be reported to the police or another competent authority?

Answer: A controller processing data for preventing and detecting unlawful acts for reasons of substantial public interest can process this data, even if the controller does not have an appropriate policy document in place.

Quick question 4: Under what circumstances can criminal convictions or offences data be lawfully processed?

Answer: Under any of the following conditions: a) Consent – processing with the data subject’s consent. b) Protecting an individual’s vital interests – where the individual is physically or legally incapable of giving consent. c) Processing by not-for-profit bodies – providing that the processing relates solely to the members or former members of the body and the personal data is not disclosed outside that body without the individual’s consent. d) Personal data in the public domain – i.e. personal data that has already been made public by the data subject. e) Legal claims – where the processing is necessary in connection with any legal proceedings (including prospective), is necessary for the purpose of obtaining legal advice or is necessary to establish, exercise or defend legal rights. f) Judicial acts - if the processing is necessary when a court or tribunal is acting in its judicial capacity. g) Administration of accounts used in commission of indecency offences involving children – where the processing concerns a conviction or caution for an offence involving children or is in relation to a payment card used in the commission of the offence. h) If the processing falls under one or more of the substantial public interest conditions (as listed in module 1). i) If the processing is necessary for an insurance purpose – for example, processing of penalty points for the purposes of rating the insurance premium or processing of data relating to drink driving offences as part of the claim assessment.

Page 98 of 105

 IT Governance Ltd 2019


Made with FlippingBook HTML5