Control Strategy GDPRArt.9.2c.ConsentIfAble

URI: CSG-GDPR-Art9-2-c

Package: GDPR

Description: Processing of special category data Data to protect vital interests must have the consent of the data subject DataSubject if they are in a position to make a consent decision. One must check their competence to make such a decision, and provide a consent interface to support this if they can. The data Data must then be protected by a policy managed according to their consent decision(s) and linked to their data, with an enforcement point at Service, the process accessing their data. If the subject cannot provide a consent decision, it is legal to proceed, so there should be a way to bypass the enforcement point only in that case via a break the glass protocol. Finally, access to the data must be logged (including use of this override).

(empty)

P.GDPR.HuSDPS-io.9

Condition for processing special category Data related to DataSubject: since the data Data being processed is special category data, it may be necessary to obtain consent from the data subject DataSubject even if the legal basis for processing is not based on consent.

(empty)

BreakTheGlass at Role_Data

ConsentEnforcement at Role_Service

ConsentInterface at Role_DataSubject

ConsentManagement at Role_Data

LegalCompetenceCheck at Role_DataSubject

Logging at Role_Service

SubjectToGDPR at Role_DataSubject

Control Strategy GDPRArt.9.2c.ConsentIfAble

Mitigated Threats (0)

Blocked Threats (1)

P.GDPR.HuSDPS-io.9

Triggers Threats (0)

Control Sets (7)