The Data Protection (Processing of Sensitive Personal Data) Order 2012
The Data Protection Act 1998 (c. 29) (“the Act”) regulates, amongst other things, the processing of “sensitive personal data”, as defined in section 2. The first data protection principle, set out in paragraph 1 of Schedule 1 to the Act, prohibits the processing of “sensitive personal data” unless one of the conditions in Schedule 3 to the Act is met. The condition in paragraph 10 of that Schedule is that the personal data are processed in circumstances specified in an order made by the Secretary of State. This Order specifies certain circumstances for the purposes of that paragraph.
Go to Source