Who is considered vulnerable under GDPR?

Sometimes vulnerable people are mentioned when it comes to complying with the General Data Protection Regulation (GDPR). Some examples of vulnerable people might be: 

  • Elderly people
  • People with mental disorders or mental health conditions (whether temporary or ongoing)
  • Asylum seekers
  • People with disabilities
  • Injured or chronically ill people

These are often persons who may not have capacity to act or advocate for themselves, such as by giving ‘explicit consent’.

Processing the data of vulnerable persons can give rise to additional or greater risks.

In addition, having the data of vulnerable people affects how you should communicate with and treat your customers. For example, you must provide information to the individual in a way that suits their needs.

Explicit Consent and Special Category Data

Most people are familiar with ‘Explicit Consent’, but it’s worth noting that special category data is not limited to explicit consent. This data can be processed under ‘substantial public interest’, which allows health data to be processed:

  • where doing so is to preserve the economic well-being of the data subject
  • if obtaining consent is not possible or unreasonable
  • or by trying to obtain consent you would prejudice the assistance you are trying to provide

This means that where consent is not appropriate and the data is necessary to assist the individual’s economic situation, it may be shared with the Vulnerability Registration Service to ensure that financial providers can give them the additional support they may need.

Special category data can be processed under ‘substantial public interest’ (Article 9 Paragraph 2g).

Why is it important to consider the data of vulnerable people?

If you process personal data, your job is to protect the rights and freedoms of your data subjects in accordance with GDPR.

This might involve evaluating risks associated with the processing of personal data, and then acting accordingly.

By evaluating the risks you can provide the right safeguards within your company to ensure the data of your vulnerable customers is at minimum protected, and ideally used to provide a better and more inclusive service. 

Of course, there are many more benefits of considering the data of vulnerable people, please see our blog for further reading.

How does the VRS help businesses with data, vulnerability & GDPR?

When organisations are aware of a vulnerable person’s circumstances, they are better able to treat them appropriately. The VRS provides businesses with the decision-agnostic platform they need to understand more about who they are dealing with at a given point in time. 

Read more here about how we can help businesses.

Access to the VRS database is particularly important for any company who needs to make decisions which can affect the wellbeing of their customers, from something as simple as marketing communications, not harassing a vulnerable person for a TV licence bill, to decisions about lending money.

For example, for financial or legal services companies, it is better for all concerned if the facts are known to the company before they make a lending decision or provide advice. 

It would also benefit vulnerable consumers, who would then not find themselves in financial (or other) hardship with which they may struggle to cope.

Get in touch with our team to enquire about becoming a member organisation of the Vulnerability Registration Service.

Get in touch to register as a business