Data Protection Bill

Written evidence submitted by The Officers’ Association (DPB21)

The Officers’ Association is a registered charity, established under Royal Charter. Our purpose is to assist officers as they move into civilian employment and to provide assistance to former officers and their dependants in need.

In common with other charities, we have considered carefully what lawful basis we should use for processing the personal data of those seeking our assistance.  In some circumstances, we believe we can depend on legitimate interest e.g. if an officer is seeking advice on civilian employment. Unlike a business we have no contract in place with our clients. 

When a person comes to us for financial assistance, we ask for more extensive information on the whole family.  Some of this we may be able to process under legitimate interest, but we sometimes seek special category data, for instance:

Religion: because some funds are only available to people pf certain faiths;

Health: in order to obtain a full picture of the person’s need.

We seek consent for processing such data; in some circumstances details of religion can be treated as optional, but it would be harder for us to provide the service sought from us if we were not aware of relevant health issues. 

As a charity we do not fall into any of the categories listed in Article 9 of GDPR, but we should like the UK Bill to give further clarity to whether "vital interests" would apply only to somebody in extremis. Without a clearer definition for the charity sector the current Bill leaves many charities dependent on seeking explicit consent in order to provide their designated services. 

Furthermore, we may also seek information about criminal convictions as relevant to understanding the needs of our client, but we don not fall into any of the categories listed in Schedule 1 of the UK Bill.  We are a not for profit body but we do not have a political, philosophical, religious or trade union aim.

We also seek the personal data of family members in cases of need, in particular of children.  It is rarely appropriate or practical to seek the consent of such third parties whether they be adult or under 18.  We therefor process a minimal amount of their personal data on the basis of legitimate interest.  We recognise the rights of children under data protection legislation and we understand the need for particular emphasis in the legislation on Information Security Services, but we would welcome greater guidance on grounds for processing children’s data for those not fulfilling a contract.

March 2018

 

Prepared 13th March 2018