
GDPR: Sensitive Personal Data

Written by: Nathan Rizzuti

Pushes for consumer privacy advocacy have seen massive success over the past few years. And to protect yourself and your data, you should be aware of the measures being put in place. The General Data Protection Regulation is a series of laws concerning EU countries and how user data is transferred, stored, and collected. The laws are complex, but we have a series of articles to help you understand them in an easily digestible format. Below we’ll look at GDPR-sensitive personal data, including what it is and how you should store it.


  • Under the GDPR, sensitive data is a collection of specific categories within the larger category of personal data.
  • Sensitive data includes race, sexual orientation, religion, and medical data.
  • Sensitive personal data can be processed lawfully; however, lawful intent must be established before doing so.

For more information, read GDPR in the U.S., the GDPR and the Right to Be Forgotten, and the GDPR’s stance on employee data.

Insider Tip

Always keep your operating system running on the most recent version of the software. Falling behind on software updates can weaken a device’s security system and leave sensitive data exposed.

GDPR: Sensitive Information

The GDPR categorizes many different types of data. For example, there is personal data, and then there is sensitive personal data.

So, what’s the difference?

It’s important to note that sensitive personal data is a category that falls under the larger umbrella of personal data. Personal data, as defined in Article 4 of the GDPR, is the information used to identify someone. Personal data is commonly thought of as names, email addresses, physical addresses, and phone numbers. In short, it is anything that can be linked back to identify a user.

Personal data also includes information that confirms a person’s location or presence, like photographs or video footage.

On the other hand, sensitive personal data deals with specific categories of personal data.

Sensitive personal data includes the following:

  • Race/Ethnicity
  • Political Opinions/Party
  • Religious Beliefs
  • Trade Union Membership
  • Genetic Data
  • Biometric Data
  • Health Data
  • Sexual Orientation

While sensitive personal data is highly guarded under the GDPR, there are still ways for it to be processed lawfully. Anyone looking to process sensitive data must establish a lawful basis under Article 6 of the GDPR.

How to Store GDPR-Sensitive Personal Data

Sensitive personal data must be treated with extra security and handled with caution. Thankfully, there are ways users can bolster their data security to make sure it isn’t unlawfully accessed.

The first thing to do is to keep organized logs and files of any online documents that contain sensitive data. Keeping the data in one secure file is the best way not to accidentally share it or leave traces of it where it can be harvested.


Avoid using any public Wi-Fi networks when dealing with or sending sensitive information. If you have to share sensitive info on public Wi-Fi, use a VPN.

Additionally, users should encrypt any file that contains their sensitive personal information. Along with this, users must also enable encryption on their devices. And lastly, users should make backups of any files containing sensitive personal data and keep them in a secure location.

STAT: On average, around 800,000 people experience ransomware attacks every year. (source)

GDPR Sensitive Personal Data FAQs

Do devices come with automatic encryption?

Windows and macOS devices do not have encryption enabled automatically; this must be done manually. However, Android and iOS devices are automatically encrypted.

What is 2FA, and how can it help me protect my data?

It stands for two-factor authentication. It simply means that, to access an account or information, a user has to provide two unique forms of identification to gain access.

Does a VPN protect your personal data?

Using a VPN with end-to-end encryption is an excellent way to protect sensitive data when transferring files and browsing online.
