pia-health-data
Installation
SKILL.md
Privacy Impact Assessment for Health Data
Overview
Health data processing triggers mandatory DPIA requirements under GDPR Article 35(3)(b) (processing on a large scale of special categories of data referred to in Article 9(1)). The EDPB in WP248rev.01 identifies health data processing as meeting multiple DPIA-triggering criteria: special category data (C5), vulnerable data subjects (C7), and often innovative use or applying new technological or organisational solutions (C8). This skill provides a structured PIA methodology specific to health data processing across clinical, research, wearable, and digital health contexts.
Regulatory Framework
GDPR Article 9 — Special Category Data
Health data falls within the special categories of personal data under Article 9(1). Processing is prohibited unless one of the Article 9(2) exceptions applies: