Skip to main content

What is sensitive personal data?

Sensitive personal data is the part of personal data that is considered to be especially sensitive. That is, if disclosed, they could cause greater harm or damage to a person’s privacy and security. Examples of sensitive personal data include, among other things:

  • Health
  • Trade union relations
  • Biometric data
  • Genetic data
  • Race
  • Religion
  • Sexual orientation
  • Political opinions

However, it does not include names, addresses, telephone numbers, e-mail addresses and demographic information. In general, the handling and protection of sensitive personal data is, in accordance to compliance regulations, subject to stricter rules compared to non-sensitive personal data.

Sensitive business data

We should also mention sensitive business data. Although the rules protecting them may be different, this type of data should also be carefully protected. Sensitive business information may include intellectual property rights, trade secrets, plans for a merger or other data that would adversely affect the business if it fell into the hands of a competitor.

Start your GDPR cleanup where it is needed the most

Sensitive data can tends to accumulate in the employees' e-mails. With a GDPR Risk Scan from DataMapper, you get a report that shows any potential GDPR risks in the company's e-mails.

What is the legislation to protect sensitive personal data?

Legislation to protect sensitive personal data varies from country to country, but there are some general guidelines and standards that are widely recognised. A central set of rules that has had a global impact is the GDPR (General Data Protection Regulation), which is the EU’s data regulation that applies within the EU. Read more about how to process sensitive personal data in accordance with the GDPR here.

What happens if you expose sensitive data?

The consequences of exposing personal data to companies will also vary and can be relatively minor to catastrophic, depending on the amount of data leaked, its sensitivity and the degree of your company’s negligence. Read more about the consequences here.

Get our Newsletter!

In our newsletter you get tips and tricks for dealing with privacy management from our founder Sebastian Allerelli.

When you sign up for our newsletter you get a license for one user to ShareSimple, which will give you a secure email in Outlook. This special offer is for new customers only, with a limit of one freebie per company.

Do this to protect your data

A tool for data discovery can help you organise your files and protect the sensitive personal data you have stored. It can help you with the following:

  • Find out where all your data is stored
  • Classify data by its sensitivity/risk level, type and format
  • Choose and implement effective and compliant security controls
  • Create accurate Data Privacy Impact Assessments
  • Report personal data breaches and security incidents on time
  • Continuously monitor your risk level and assess the impact of your data processing activities
  • Keep documentation and create audit reports to comply with other legal requirements 

Learn more about protecting privacy data here. 

The smart way to protect sensitive personal data

We have developed the Data Discovery tool DataMapper to easily find, map and continuously monitor sensitive data.

Sebastian Allerelli
Founder & COO at Safe Online
Governance, Risk & Compliance Specialist
Follow me on LinkedIn to get tips on GDPR →


How to handle sensitive personal data


How to find personal data with datamapping tool


How to prepare for a data audit