About collection / processing of sensitive data

About collection / processing of sensitive data

It is forbidden to ask or save sensitive data unless a data protection impact assessment (DPIA) has been done and shown that it is absolutely necessary, and there are no alternatives. Sensitive data includes: health data, religious and/or political beliefs, DNA, biometric data, and even trade union membership, and data on sexual orientation. 

Sensitive data is any data which can used to harm or discriminate against an individual. 
In the GDPR sensitive data is referred to as special categories of data, more can be found in Article 9



    • Related Articles

    • What is consent?

      Making GDPR compliance easy with Privasee · Consent Types In order for consent to be legal it either needs to be unambiguous consent or explicit consent.  Unambiguous consent is defined in the GDPR as similar to implicit consent but strengthened by a ...
    • There is a vital interest for the collection and processing

      Making GDPR compliance easy with Privasee · There is a vital interest for collection and processing Article 6d, vital interest. Processing is necessary in order to protect the vital interests of the data subject or of another natural person. This is ...
    • What exactly is processing?

      Making GDPR compliance easy with Privasee · What exactly is processing? Processing is anything done with personal data even when it is stored on backup tape doing nothing. it is still being processed according to the GDPR, and processing stops only ...
    • How can we protect the customer from sharing more personal data than absolutely necessary?

      When requesting personal data on a web-page, a practical way to limit collection is to use drop-down choices and click-boxes rather than to request free-text answers. This protects the customer from sharing too much personal data. Any form of ...
    • So your organisation has a legitimate interest to process personal data under Article 6f?

      Making GDPR compliance easy with Privasee · Article 6f, your organisation has a legitimate interest Article 6f, legitimate interest. Processing is necessary for the purposes of the legitimate interest pursued by the controller or by a third party, ...