No. The Information Commissioner is very clear in this regard.
Under GPDR, you must have a valid lawful basis in order to process personal data – consent is only one of the lawful bases, and there are alternatives. There are six bases available in total and no single basis is ’better’ or more important than the others. Which basis is most appropriate to use will depend on your purpose and relationship with the individual.
Any requirement to get consent to medical treatment itself does not mean that there is a requirement to get GDPR consent to associated processing of personal data, and other lawful bases are likely to be more appropriate.
In the healthcare context consent is often not the appropriate lawful basis under the GPDR. Instead, healthcare providers should identify another lawful basis (for example the public task basis may be appropriate).
Please note that if you are processing information about an individual’s health, it isn’t enough to just identify a lawful basis for processing. You also need to satisfy a separate condition for processing special category data. There are 10 of these in the GDPR itself, including where the processing is necessary for the purposes of medical diagnosis or healthcare.
