Consumer privacy advocacy has seen massive success over the past few years. To protect yourself and your data, you should be aware of the measures being put in place. The General Data Protection Regulation (GDPR) is a series of laws concerning EU countries and how user data is transferred, stored, and collected. The laws are complex, but we have a series of articles to help you understand them in an easily digestible format. Below we’ll look at GDPR-sensitive personal data, including what it is and how you should store it.
KEY TAKEAWAYS:
- Under the GDPR, sensitive data is a collection of specific categories within the larger category of personal data.
- Sensitive data includes race, sexual orientation, religion, and medical data.
- Sensitive personal data can be processed lawfully; however, lawful intent must be established before doing so.
For more information, read GDPR in the U.S., the GDPR and the Right to Be Forgotten, and the GDPR’s stance on employee data.
Insider Tip
Always keep your operating system running on the most recent version of the software. Falling behind on software updates can weaken a device’s security system and leave sensitive data exposed.
GDPR: Sensitive Information
The GDPR categorizes many different types of data. For example, there are personal data, and then there’s sensitive personal data.
So, what’s the difference?
It’s important to note that sensitive personal data is a category that falls under the larger umbrella of personal data. Personal data, as defined in Article 4 of the GDPR, is the information used to identify someone. Personal data is commonly thought of as names, email addresses, physical addresses, and phone numbers. In short, it is anything that can be linked back to identify a user.
Personal data also includes information that confirms a person’s location or presence, like photographs or video footage.
On the other hand, sensitive personal data deals with specific categories of personal data.
Sensitive personal data includes the following:
- Race/Ethnicity
- Political Opinions/Party
- Religious Beliefs
- Trade Union Membership
- Genetic Data
- Biometric Data
- Health Data
- Sexual Orientation
While sensitive personal data is highly guarded under the GDPR, there are still ways for it to be processed lawfully. Anyone looking to process sensitive data must establish a lawful basis under article 6 of the GDPR.
How to Store GDPR-Sensitive Personal Data
Sensitive personal data must be treated with extra security and handled with caution. Thankfully, there are ways users can bolster their data security to make sure it isn’t unlawfully accessed.
The first thing to do is to keep organized logs and files of any online documents that contain sensitive data. Keeping the data in one secure file is the best way to avoid accidentally sharing it or leaving traces of it where it can be harvested.
Warning
Avoid using any public Wi-Fi networks when dealing with or sending sensitive information. If you have to share sensitive info on public Wi-Fi, use a VPN.
Additionally, users should encrypt any file that contains their sensitive personal information. Along with this, users must also enable encryption on their devices. And lastly, users should make backups of any files containing sensitive personal data and keep them in a secure location.
STAT: On average, around 800,000 people experience ransomware attacks every year. (source)