Access premium content without the subscription fees.
What Is Sensitive Personal Data?
Sensitive personal data is data that contains information about a specific person’s race or ethnicity, their political opinions, religious or philosophical beliefs, and personal data concerning a person’s health and sex life. Because of what sensitive personal data can reveal about a person, it must be protected more than other data.
By comparison, sensitive personal data goes beyond those key bits of information and into some of the more foundational elements that shape someone’s identity. Under GDPR guidelines, sensitive personal data includes:
With the digital landscape being a treasure trove of information about everyone and everything, it is important to recognize the differences between sensitive personal data and just personal data in general.
Personal data is often defined as any piece of general information that can be used to identify a person. This can include anything from a user’s cell phone number, address, age, email and more. Personal data on the smallest scale can even classify if someone is present on a given site or app just based on activity and screen time.
Sensitive personal data differs in that it can not be so readily collected like general personal data. Sensitive personal data requires special handling and collection instructions due to the fact that it offers a more in depth look at who someone is and the information itself is generally more sensitive. For instance, things like ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data relating to a person’s inherited or acquired genetic characteristics, biometric data such as fingerprint, sexual orientation, or data concerning a person’s physical or mental health are all deeply personal peices of information that can be used unethically if not handled properly.
Because of its appeal to bad actors, sensitive personal data comes with very specific rules for how it can be used by companies. Specifically, GDPR policy requires sensitive personal data to be stored separately from standard personal data and that sensitive information be encrypted and/or pseudonymized, specifically taking the stance that, “The use of pseudonymization in personal data may reduce the risk associated with data management and help controllers and processors to comply with their data protection obligations.”
Use your data to access premium content you love.