Statutory and government purposes |
The processing is necessary for reasons of substantial public interest and for the exercise of a function:
-
given to a person by an enactment or rule of law
-
of the Crown, a Minister of the Crown or a government department
|
Administration of justice and parliamentary purposes |
The processing is necessary for:
|
Equality of opportunity or treatment |
This is where the processing is of a specified category of personal data that identities groups of people in relation to that data, and includes personal data:
-
revealing racial/ethnic origin (ie people of different racial or ethnic origins)
-
revealing religious/philosophical beliefs (ie people holding different religious or philosophical beliefs)
-
concerning health (ie people with different states of physical or mental health)
-
concerning an individual’s sexual orientation (ie people of different sexual orientation)
The processing must also be necessary to identify or review the existence/absence of equality of opportunity or treatment between the groups of people specified in relation to the category of personal data to enable such equality to be promoted/maintained. |
Racial and ethnic diversity at senior levels |
The processing is of personal data revealing racial/ethnic origin and:
-
is carried out to identify individuals to hold senior positions in organisations (ie either a specific organisation, a type of organisation or organisations generally), and
-
is necessary to promote/maintain diversity in the racial and ethnic origins of individuals holding senior positions in organisations, and
-
can reasonably be carried out without the consent of the data subject (ie the individual the data relates to). This is the case if:
-
the organisation cannot reasonably be expected to obtain the consent of the data subject, and
-
the organisation is not aware of the data subject withholding consent
Senior positions in an organisation include:
-
directors, secretaries or similar corporate officers
-
members of a limited liability partnership
-
a partner in a partnership, a limited partnership or an entity of a similar character formed outside the UK
-
someone involved in senior management (ie someone who plays a significant role in making decisions about how the organisation’s activities are to be managed or in the actual managing of those activities)
|
Preventing or detecting unlawful acts |
The processing is necessary for the purposes of the prevention or detection of an unlawful act and:
-
is carried out without the data subject’s consent in order to not prejudice those purposes, and
-
is necessary for reasons of substantial public interest
|
Protecting the public |
The processing is necessary for the exercise of a protective function. This is an action intended to protect members of the public against:
-
dishonesty, malpractice or other seriously improper conduct
-
unfitness or incompetence
-
mismanagement in the administration of a body or association
-
failures in services provided by a body or association
The processing must also be carried out without the data subject’s consent in order to not prejudice the exercise of that function and must be necessary for reasons of substantial public interest. |
Regulatory requirements |
The processing is necessary for reasons of substantial public interest and necessary to comply with (or assist others to comply with) a regulatory requirement involving a person taking steps to establish whether another person has:
-
committed an unlawful act
-
been involved in dishonesty, malpractice or other seriously improper conduct
In these circumstances, the organisation cannot reasonably be expected to obtain the consent of the data subject to the processing. |
Journalism, academia, art and literature |
The processing:
-
consists of the disclosure of personal data for journalistic, academic, artistic or literary purposes
-
is carried out in connection with any of the following (whether alleged or established):
-
a person's commission of an unlawful act
-
a person’s dishonesty, malpractice or other seriously improper conduct
-
a person’s unfitness or incompetence
-
mismanagement in the administration of a body or association
-
a failure in services provided by a body or association
-
is necessary for reasons of substantial public interest
-
is carried out with a view to the publication of the personal data by any person, and
-
the organisation reasonably believes that the publication of the personal data is in the public interest
|
Preventing fraud |
The processing is necessary to prevent fraud or a particular kind of fraud and:
-
the personal data is disclosed by a member of an anti-fraud organisation
-
the personal data is disclosed in accordance with arrangements made by an anti-fraud organisation
-
the personal data is processed after being dislocated by a member of or in accordance with arrangements made by an anti-fraud organisation
An anti-fraud organisation is any body corporate, unincorporated association or other person that enables or facilitates any sharing of information to prevent fraud or a particular kind of fraud or which has the prevention of fraud or any kind of fraud as its purpose (or one of its purposes). |
Suspicion of terrorist financing or money laundering |
Where the processing is necessary to make a disclosure in good faith under the:
-
Terrorism Act 2000 - this is disclosure between certain entities within the regulated sector in relation to suspicion of commission of terrorist financing offence or to identifying terrorist property
-
Proceeds of Crime Act 2002 - this is disclosure within the regulated sector in relation to suspicions of money laundering
|
Support for individuals with a particular disability or medical condition |
The processing:
-
is carried out by a not-for-profit body providing support to individuals with a disability or medical condition
-
if the type of data being processed is personal data:
-
is necessary to:
-
raise awareness of the disability or medical condition, or
-
provide support to (or enable individuals to provide support to) individuals who have:
-
the disability/condition mentioned
-
had that disability or condition or
-
a significant risk of developing that disability or condition
-
is necessary for reasons of substantial public interest, and
-
can reasonably be carried out without the consent of the data subject. This is the case if:
-
the organisation cannot reasonably be expected to obtain the consent of the data subject, and
-
the organisation is not aware of the data subject withholding consent
|
Counselling |
The processing is:
-
necessary to provide confidential counselling, advice, support or other similar confidential service
-
necessary for reason of substantial public interest, and
-
carried out without the consent of the data subject for one of the following reasons:
-
where, in the circumstances, the data subject cannot consent to the processing
-
where, in the circumstances, the organisation cannot reasonably be expected to obtain the data subject’s consent to the processing
-
the processing must be carried out without the data subject’s consent because obtaining such consent would prejudice the provision of the confidential (counselling) service
|
Safeguarding of children and individuals at risk |
The processing is:
-
necessary to protect:
-
an individual from neglect or physical, mental or emotional harm
-
the physical, mental or emotional wellbeing of an individual
-
related to an individual under 18 or over 18 and at-risk (eg because they have care/support needs or is experiencing neglect)
-
necessary for reasons of substantial public interest, and
-
carried out without the consent of the data subject for one of the following reasons:
-
where, in the circumstances, the data subject cannot consent to the processing
-
where, in the circumstances, the organisation cannot reasonably be expected to obtain the data subject’s consent to the processing
-
the processing must be carried out without the data subject’s consent because obtaining such consent would prejudice the protection of the individual
|
Safeguarding of economic wellbeing of certain individuals |
The processing is:
-
necessary to protect the economic wellbeing of an individual at economic risk who is over 18 (ie anyone less able to protect their economic wellbeing by reason of physical or mental injury, illness or disability)
-
of personal data concerning health
-
necessary for reasons of substantial public interest, and
-
carried out without the consent of the data subject for one of the following reasons:
-
where, in the circumstances, the data subject cannot consent to the processing
-
where, in the circumstances, the organisation cannot reasonably be expected to obtain the data subject’s consent to the processing
-
the processing must be carried out without the data subject’s consent because obtaining such consent would prejudice the protection of the individual
|
Insurance |
The processing is:
-
necessary for an insurance purpose, including:
-
advising on, arranging, underwriting or administering an insurance contract (ie a general- or long-term insurance contract)
-
administering an insurance claim
-
exercising a right (or complying with an obligation) arising in connection with an insurance contract
-
of personal data revealing racial/ethnic origin, religious/philosophical beliefs, genetic data/data concerning health or trade union, and
-
necessary for reasons of substantial public interest
Where:
-
the processing isn’t carried out for the purposes of measures or decisions with respect to the data subject, and
-
the data subject doesn’t have and isn’t expected to acquire:
The processing doesn’t meet the conditions for processing for insurance purposes unless, in addition to meeting the conditions for insurance processing, it can reasonably be carried out without the consent of the data subject. This is the case if:
-
the organisation cannot reasonably be expected to obtain the consent of the data subject, and
-
the organisation is not aware of the data subject withholding consent
|
Occupational pension |
If the processing:
-
is necessary to make a determination in connection with eligibility for (or benefits payable under) an occupational pension scheme
-
is of data concerning health, relating to the data subject who is the parent, grandparent, great-grandparent or sibling of a member of the scheme, and
-
can reasonably be carried out without the consent of the data subject. This is the case if:
-
the organisation cannot reasonably be expected to obtain the consent of the data subject, and
-
the organisation is not aware of the data subject withholding consent
|
Political parties |
The processing is:
-
of personal data revealing political opinions
-
carried out by a person/organisation included in the register maintained under section 23 of the Political Parties, Elections and Referendums Act 2000, and
-
necessary for the purposes of the person’s or organisation’s political activities (include campaigning, fund-raising, political surveys and case-work)
The processing does not meet the above conditions:
-
if it is likely to cause substantial damage or substantial distress to a person, or
-
the data subject (or one of the data subjects) gives notice in writing to the organisation requiring them not to process their personal data (and has not given notice in writing withdrawing that requirement), and
-
the notice gave the organisation a reasonable period in which to stop processing such data, and
-
that notice period has ended
|
Elected representatives responding to requests |
The processing is:
Where the request is made by someone other than the data subject, the above conditions are met only if the processing must be carried out without the data subject’s consent for one of the following reasons:
-
where, in the circumstances, the data subject cannot consent to the processing
-
where, in the circumstances, the elected representative cannot reasonably be expected to obtain the data subject’s consent to the processing
-
where obtaining the data subject’s consent would prejudice the action taken by the elected representative
-
the processing is necessary in the interests of another individual and the data subject has withheld consent unreasonably
|
Disclosure to elected representatives |
This condition is met if the:
-
processing consists of the disclosure of personal data:
-
to an elected representative (eg a member in the House of Commons, the Mayor of London or a police and crime commissioner) or a person acting with the authority of such a representative, and
-
in response to a communication to the organisation from that representative which was made in response to a request from an individual
-
personal data is relevant to the communication’s subject matter, and
-
disclosure is necessary for responding to that communication
Where the request to the elected representative is made by someone other than the data subject, the above conditions are met only if the disclosure must be made without the data subject’s consent for one of the following reasons:
-
where, in the circumstances, the data subject cannot consent to the processing
-
where, in the circumstances, the elected representative cannot reasonably be expected to obtain the data subject’s consent to the processing
-
where obtaining the data subject’s consent would prejudice the action taken by the elected representative
-
the processing is necessary in the interests of another individual and the data subject has withheld consent unreasonably
|
Informing elected representatives about prisoners |
This condition is met if the:
-
processing is of personal data about a prisoner for the purpose of information a member of the House of Commons, a member of the National Assembly for Wales or a member of the Scottish Parliament about the prisoner, and
-
member is under an obligation not to further disclose the personal data
|
Publication of legal judgments |
The processing:
|
Anti-doping in sport |
The processing is necessary for the purposes of:
-
measures designed to eliminate doping (including includes measures to identify or prevent doping) which are undertaken by (or under the responsibility of) a body/association responsible for eliminating doping in a sport, at a sporting event or in sport generally
-
providing information about doping, or suspected doping, to such a body/association
|
Standards of behaviour in sport |
The processing:
-
is necessary for the purposes of measures designed to protect the integrity of a sport or a sporting event
-
must be carried out without the data subject’s consent so as not to prejudice those purposes, and
-
is necessary for reasons of substantial public interest
‘Measures designed to protect the integrity of a sport or a sporting event’ means measures to protect a sport of sporting event against:
-
dishonesty, malpractice or other seriously improper conduct
-
failure by someone participating in the sport or event (in any capacity) to comply with behaviour standards set by a body/association with responsibility for the sport or event
|