By Emma Fall and Natalie Glotz Stade, Legal Advisors, JP Infonet AB
When developing social services in the digital world, it is of course extremely important to always keep data protection regulations in mind. The same rules apply throughout Europe through the directly applicable General Data Protection Regulation (GDPR). Personal data may only be processed digitally under the clear conditions set out in the GDPR. Any proposed processing of personal data must therefore necessarily be preceded by a thorough legal analysis in the light of the GDPR. If this is not taken seriously enough, it can result in sky-high penalties for the personal data controller.
National adaptations govern the interpretation
There are possibilities for EU Member States to make national adaptations based on the GDPR’s openings in this regard. The definition and interpretation of the concepts of “public interest”, “legal obligation” and “exercise of official authority” are therefore of central importance for social services. This interpretation is always based on national legislation.
The requirement of a statutory framework for confidentiality
It is also important to realise that the processing of sensitive personal data under the GDPR requires solid security measures such as, first and foremost, a very high level of confidentiality protection based on a statutory framework for confidentiality, which is explicitly stated in the GDPR. Search restrictions on sensitive personal data that are prescribed by law and technical security measures are also obviously part of lawful personal data processing. A legal analysis before the introduction of new digital solutions is therefore indispensable.
JP Infonet are experts in European data protection law and Swedish social law. We are happy to tell you more. You can find us in the exhibition area throughout the whole conference.