Healthcare | Global / EU | critical

GDPR Article 9 — Special Category (Health) Data — Regulatory Reference

Special category health data — explicit consent, cross-border restrictions, and right-to-erasure enforced at the data access layer.

Key Provisions
  • Article 9(1) — prohibition on processing special category data by default
  • Article 9(2) — exceptions including explicit consent, vital interests, healthcare provision, public health
  • Article 17 — right to erasure ('right to be forgotten')
  • Chapter V — international transfers (Articles 44–49)
How AutoPIL Enforces It
  • Consent state propagated to AutoPIL policy — retrievals without active consent are denied at the gate
  • Cross-border restriction policy enforces Chapter V transfer rules
  • Audit chain supports Article 17 by enumerating every AI access to a data subject's records
Policy Engine, Audit Log, Sensitivity Labels, Agent Registry, Lineage, Catalog
AutoPIL Policy IDs
  • HC-GDPR-A9-001: Special Category Consent Gating
  • HC-GDPR-A17-001: Right to Erasure — Access History
  • HC-GDPR-CHV-001: Cross-Border Transfer Policy Enforcement
Official Sources

This page is a working reference and not a substitute for qualified legal review. Verify against official sources before use in compliance artifacts.

AutoPIL Governance Platform

Enforce this regulation today

AutoPIL intercepts every AI agent data access call, enforces your policy, and writes a tamper-evident audit record — before sensitive data enters the agent context window.
