Threat P.GDPR.HuSDPS-io.9

URI: P.GDPR.HuSDPS-io.9

Package: GDPR


Description: Condition for processing special category Data related to DataSubject: since the data (Data) being processed is special category data, it may be necessary to obtain consent from the data subject (DataSubject) even if consent is not the legal basis for processing.

Threat Type: Primary Threat

Matching Pattern:

P.GDPR.HuSDPS-io.9
MP-HuSDPS-io

Finds a Stakeholder operating a Process that is using Special Category Data relating to a Human data subject who is not operating the process providing access to the data.

        (empty)

        (empty)

        CSG-GDPR-Art6-1-d

        (empty)

CSG-GDPR-Art9-2-c

Processing of special category data (Data) to protect vital interests must have the consent of the data subject (DataSubject) if they are in a position to make a consent decision. One must check their competence to make such a decision and, if they are competent, provide a consent interface to support it. The data (Data) must then be protected by a policy that is managed according to their consent decision(s) and linked to their data, with an enforcement point at Service, the process accessing their data. If the subject cannot provide a consent decision, it is legal to proceed, so there should be a way to bypass the enforcement point, in that case only, via a break-the-glass protocol. Finally, access to the data must be logged (including use of this override).
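
The decision logic of such an enforcement point, as an added sketch that is not part of the original threat catalogue or of any tool behind it. The class names, outcome strings and sample subjects are assumptions made for illustration, as is the choice to deny access when no competence assessment is on record.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class ConsentPolicy:
    """Policy record linked to one data subject's special category data."""
    competent: bool                      # result of the competence check
    consented_purposes: set = field(default_factory=set)


class EnforcementPoint:
    """Sits in front of the process (Service) that reads the data."""

    def __init__(self, policies):
        self.policies = policies         # subject id -> ConsentPolicy
        self.audit_log = []              # every decision, overrides included

    def request_access(self, requester, subject_id, purpose, break_glass_reason=None):
        policy = self.policies.get(subject_id)
        if policy is None:
            # Assumption: no competence assessment on record means deny.
            outcome = "denied-unassessed"
        elif policy.competent:
            # Subject can decide: only their consent decision counts,
            # and break-the-glass must not bypass it.
            if purpose in policy.consented_purposes:
                outcome = "granted-consent"
            else:
                outcome = "denied-no-consent"
        elif break_glass_reason:
            # Subject cannot decide: override permitted, reason recorded.
            outcome = "granted-break-glass"
        else:
            outcome = "denied-break-glass-required"
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "requester": requester, "subject": subject_id,
            "purpose": purpose, "outcome": outcome,
            "override_reason": break_glass_reason,
        })
        return outcome


# Constructed sample data: two subjects, one unable to give a decision.
POLICIES = {
    "subject-a": ConsentPolicy(competent=True, consented_purposes={"emergency-care"}),
    "subject-b": ConsentPolicy(competent=False),
}
```

Because the override reason is written to the log even when the request is refused, attempted misuse of break-the-glass against a competent subject remains visible to reviewers.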