Genetic, biometric or health data

Last reviewed
Genetic, biometric or health data

Belgium 28.07.2017 n/a
Czech Republic 29.06.2017 n/a
Denmark 29.06.2017 n/a
Finland 02.08.2017 Ministry of Social Affairs and Health responsible for this area and has prepared two legislative proposals.

First, there is a proposal on new Act on the Electronic Processing of Client Data in Social and Health Care Services. This proposal is meant to abrogate the current Act. The proposal has taken into consideration the GDPR requirements.

Second, there is a proposal on Secure Utilisation of Client Data in Social and Health Care. The purpose is to set rules and requirements for utilization (processing) of health data for statistical, research and development purposes and to ease permission procedures. The proposal will bring the rules into line with the GDPR.
France 29.06.2017 Report expresses need to legislate on health data and related processing activities
Germany 07.08.2017 Yes - § 22 stipulates a general framework for the processing of sensitive data, including rules on health data (no explicit restriction to genetic/biometric data). Such processing is, however, only possible if "suitable and specific" safeguards are taken to protect such data. The safequards may include technical and organisational measures, pseudonymisation, encryption, or the appointment of a Data Protection Officer ("DPO") etc.
Ireland  12.09.2017 The General Scheme envisages that the processing of biometric data for identification and security purposes will be permitted, subject to appropriate safeguards.
Italy 28.06.2017 Under Garante's Guide, written consent is not mandatory.

Principles under existing DPA guidelines on biometric data still apply to the processing of this data.
Netherlands 28.06.2017 Draft Act provides a limited list of purposes for which processing genetic data, biometric data and health data is allowed.
Poland 01.08.2017 n/a
Spain 27.07.2017 Legislation to be drafted within 2 years.
Sweden 17.07.2017 n/a
UK 07.08.2017 n/a