Personal data concerning health should include all data pertaining to the health status of a data subject which reveal information relating to the past, current or future physical or mental health status of the data subject. This includes information about the natural person collected in the course of the registration for, or the provision of, health care services as referred to in Directive 2011/24/EU of the European Parliament and of the Council(9)to that natural person; a number, symbol or particular assigned to a natural person to uniquely identify the natural person for health purposes; information derived from the testing or examination of a body part or bodily substance, including from genetic data and biological samples; and any information on, for example, a disease, disability, disease risk, medical history, clinical treatment or the physiological or biomedical state of the data subject independent of its source, for example from a physician or other health professional, a hospital, a medical device or an in vitro diagnostic test.
GDPR Recital EN
Recital 35
Related across sources
Guidance Guidelines 9/2022 on personal data breach notification under GDPR Guidance Guidelines 05/2020 on consent under Regulation 2016/679 Guidance Guidelines 02/2021 on virtual voice assistants News AEPD publishes GDPR Risk Assessment News Irish Data Protection Commissioner Fines Instagram EUR 405M for Children Privacy Violations News VG Düsseldorf - 29 K 9469/23