Ensuring genetic privacy
Keeping genetic data private is at the heart of Undisclosed DNA’s mission and our technology. Not only do we believe that everyone has the right to their DNA being kept private, under the UK’s General Data Protection Regulation (UK GDPR), both Government and private sector businesses are already required to do so.
What the UK GDPR says about genetic data
Under the UK General Data Protection Regulation (UK GDPR), DNA is classified as genetic data, a type of special category data that requires a higher level of protection due to its sensitive nature. This means processing DNA data is prohibited unless specific conditions are met.
The ICO’s guidance on the handling of special category data states that:
“If you process special category data you… [may] need to consider how the risks associated with special category data affect your other obligations – in particular, obligations around data minimisation, security, transparency, DPOs and rights related to automated decision-making.”
This means the processing of DNA data is subject to the Information Commissioner’s Office (ICO) seven key data protection principles. Principle (c) of these is rooted in Article 5(1)(c) of the General Data Protection Regulations which states:
“1. Personal data shall be:
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation)”
The ICO goes on to explain that this means “you should identify the minimum amount of personal data you need to fulfil your purpose. You should hold that much information, but no more.”
Previously, the technology of anonymising DNA did not exist so organisation could hold complete DNA records and be compliant with GDPR law. This is no longer the case.
Undisclosed DNA’s technology makes it possible for organisation to only be able to access relevant DNA data, as opposed to the entire code. So, under GDPR law, all organisation that hold DNA data should be licensing Undisclosed DNA.
Conclusion:
UK GDPR law and the guidance of the Information Commissioner’s Office are clear. Genetic Data must be subjected to data minimalisation when the technology enables this to happen.
Thanks to our unique and patented Undisclosed DNA technology, it is now possible to apply data minimalisation to DNA data and ensure that it is fully encrypted and scientists and researchers can only access relevant sections.
Undisclosed DNA is the only company that offers this technology. And under UK GDPR and ICO guidelines, both Government and private sector companies handling DNA data have a legal obligation to use it.
Ensuring genetic privacy
Keeping genetic data private is at the heart of Undisclosed DNA’s mission and our technology. Not only do we believe that everyone has the right to their DNA being kept private, under the UK’s General Data Protection Regulation (UK GDPR), both Government and private sector businesses are already required to do so.
What the UK GDPR says about genetic data
Under the UK General Data Protection Regulation (UK GDPR), DNA is classified as genetic data, a type of special category data that requires a higher level of protection due to its sensitive nature. This means processing DNA data is prohibited unless specific conditions are met.
The ICO’s guidance on the handling of special category data states that:
“If you process special category data you… [may] need to consider how the risks associated with special category data affect your other obligations – in particular, obligations around data minimisation, security, transparency, DPOs and rights related to automated decision-making.”
This means the processing of DNA data is subject to the Information Commissioner’s Office (ICO) seven key data protection principles. Principle (c) of these is rooted in Article 5(1)(c) of the General Data Protection Regulations which states:
“1. Personal data shall be:
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation)”
The ICO goes on to explain that this means “you should identify the minimum amount of personal data you need to fulfil your purpose. You should hold that much information, but no more.”
Previously, the technology of anonymising DNA did not exist so organisation could hold complete DNA records and be compliant with GDPR law. This is no longer the case.
Undisclosed DNA’s technology makes it possible for organisation to only be able to access relevant DNA data, as opposed to the entire code. So, under GDPR law, all organisation that hold DNA data should be licensing Undisclosed DNA.
Conclusion:
UK GDPR law and the guidance of the Information Commissioner’s Office are clear. Genetic Data must be subjected to data minimalisation when the technology enables this to happen.
Thanks to our unique and patented Undisclosed DNA technology, it is now possible to apply data minimalisation to DNA data and ensure that it is fully encrypted and scientists and researchers can only access relevant sections.
Undisclosed DNA is the only company that offers this technology. And under UK GDPR and ICO guidelines, both Government and private sector companies handling DNA data have a legal obligation to use it.