GDPR
Sensitive Personal Data
The GDPR refers to this as a special category of personal data as it relates to information that individuals may assume to be of a more sensitive.
This category of personal data includes information about an individuals:-
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic data
- Biometric data for the purpose of uniquely identifying a natural person
- Health
- Sexual orientation or sex life
Processing such data is prohibited without an additional lawful basis being met. This is similar to the Schedule 3 of the Data Protection Act 1998, but remember if you are processing Sensitive Personal data, you will also have to lawful basis under Personal Data too. (Don’t worry we cover the lawfulness of processing later on in the training).
Criminal Convictions and Offences are not in this category of Personal Data, under the GDPR, but similar extra safeguards apply to its processing (Art. 10).