Confidentiality of personal data protected by professional secrecy
The GDPR takes into account in some provisions the confidentiality of personal data that are subject to professional secrecy or for which there is a special obligation of confidentiality for other reasons. The obligation of confidentiality may result from Union law, Member State law or statutory law. Corresponding regulations contain:
Articles: 14 V d, 28 III b, 38 V, 54 II and 76 GDPR.
Recitals: 75 and 85 (1) GDPR.
Data subject: The special secrecy obligations may protect data of the data subject [Tile DS.16]. If no specific confidentiality obligation applies, the personal data is protected by the (less strict) principle of confidentiality [Tile DS.15].
Controller or other persons: However, the special secrecy obligations may also protect data of the controller or other persons. Then they may conflict with rights of the data subject [Tile DSR.05]. For example, the data subject's right to information and disclosure may conflict with the lawyer-client privilege [see § 29 I/II Federal Data Protection Act]. The attorney-client privilege in turn protects the rights of the client. In this case, the data subject's data protection rights conflict with the lawyer's duty of confidentiality and the client's expectations of confidentiality - an example of the multi-dimensionality of data processing that data protection law has to deal with. On the multidimensionality of fundamental rights, see in particular Tile CO.01.