Art. 9(2)(h) provided for by Schedule 1, Part 1, § 2.
Art. 9(2)(i) provided for by Schedule 1, Part 1, § 3.
*Processing of data concerning health, racial or ethnic origin, genetic or biometric data, sexual life or orientation by not for profit bodies providing support to those with a disability or medical condition permitted - must be necessary for reasons of substantial public interest; condition not available if organisation is aware the data subject witholds consent - Schedule 1, Part 2, § 16.
*Schedule 1, Part 2, § 20 - processing personal data relating to racial/ ethnic origin; religious or philosophical beliefs; trade union membership; genetic data or health data - permitted for insurance purposes (where there is no impact on the actual data subject).
*Schedule 1, Part 1, § 21 - processing of health data about relatives of membrs of occupational pension schemes - where no impact on the data subject.
* must also have an appropriate policy document in place which sets out how the controller will comply with principles at Art 5 GDPR; retention and erasure (including indicating retention periods). Policy document must be reviewed and be available to the Information Commissioner on request. Record of processing myst specify lawful basis for processing under Arts. 9 & 6 GDPR; whether processing meets the policy documents described above. (Schedule 1, Part 4)