Arrange a Consultation

As a sole medical practitioner, not all the requirements of GDPR apply?

Mar 14 - Brian Siney

Featured in JEP’s Expert Panel – 14th March 2018


While GDPR considers the nature, scope, context and purpose of your data processing when it comes to assessing the appropriateness of your technical, security and organisational measures, the focus is directed more towards the type of data you are processing and resultant risks to the rights and freedoms of the data subjects therefrom.

For example A30(5) of GDPR provides for exemptions from having to maintain a comprehensive record of processing where you have fewer than 250 employees. However, this exemption does not apply when the data being processed is ‘special category’ data or relates to criminal convictions or offences.

A9 of GDPR states ‘Special category’ data covers race, ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, genetic data, biometric data, health data, person’s sex or sexual orientation.

So under GDPR, it’s the fact that you process a person’s health data that brings you into scope of the full obligations of GDPR in this example. There is still consideration given to the size of your organisation but far more emphasis on how you are managing the security, confidentiality and processing of this high risk ‘special category’ data.

Ensure Your Business is GDPR Compliant Today!

Contact me today and arrange a consultation…

Be Secure is a Jersey-based data consultancy business specialising in GDPR data protection, data privacy and cyber security. Leveraging extensive experience of founder Brian Siney, Be Secure offers a unique business focus and perspective for managing GDPR.

Send me a message

Call me on 07797 738743

More from the blog

Back to Blog home