UK: ICO Blog: Why special category personal data needs to be handled even more carefully

“Due to the possible risks, the ICO expects controllers to take all necessary precautions to protect this data and we have published new guidance to help you do this.”
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/special-category-data/

“Many of the DPA 2018 conditions require you to have an appropriate policy document in place. This is a short document that should outline your compliance measures and retention policies with respect to the data you are processing.”
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/documentation/

Appropriate policy document template:
https://ico.org.uk/media/for-organisations/documents/2616286/appropriate-policy-document.docx

Full blog article
https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/11/why-special-category-personal-data-needs-to-be-handled-even-more-carefully/