Threat P.GDPR.HuSDPoS-i.9

URI: P.GDPR.HuSDPoS-i.9

Package: GDPR

Description: Condition for processing special category data Data related to DataSubject: since the data Data being processed is special category data, it may be necessary to obtain consent from the data subject DataSubject even if the legal basis for processing is not based on consent.

Threat Type: Primary Threat

Matching Pattern:

MP-HuSDPoS-i

Finds a Stakeholder operating a Process that is using Special Category Data relating to a Human data subject, where the subject operates the Service providing (and controlling) access to the data but not the Process using it.

(empty)

CSG-GDPR-Art6-1-d-p

(empty)

CSG-GDPR-Art9-2-c-p

Processing of special category data Data to protect vital interests must have the consent of the data subject DataSubject if they are in a position to make a consent decision. One must check their competence to make such a decision, and provide an interface that explains the purpose of processing. Enforcement can be handled by the DataSubject if they control the storage device, consent being inferred if they allow access. If they are not able to provide a consent decision, it is legal to take their device and access it outside their control.

Threat P.GDPR.HuSDPoS-i.9

MP-HuSDPoS-i

Triggered by Threat (0)

Triggers Secondary Threats (0)

Triggered By Control Strategy (1)

Misbehaviour Sets (0)

Control Strategies (1)