What is sensitive personal data?
Sensitive personal data is the part of personal data that is considered to be especially sensitive. That is, if disclosed, they could cause greater harm or damage to a person’s privacy and security. Examples of sensitive personal data include, among other things:
- Health records
- Financial information
- Biometric data
- Sexual orientation
- Political opinions
However, it does not include names, addresses, telephone numbers, e-mail addresses and demographic information. In general, the handling and protection of sensitive personal data is subject to stricter rules compared to non-sensitive personal data.
Sensitive business data
We should also mention sensitive business data. Although the rules protecting them may be different, this type of data should also be carefully protected. Sensitive business information may include intellectual property rights, trade secrets, plans for a merger or other data that would adversely affect the business if it fell into the hands of a competitor.
What is the legislation to protect sensitive personal data?
Legislation to protect sensitive personal data varies from country to country, but there are some general guidelines and standards that are widely recognized. A central set of rules that has had a global impact is the GDPR (General Data Protection Regulation), which is the EU’s data regulation that applies within the EU. Read more about how to process sensitive personal data in accordance with the GDPR here.
What happens if you expose sensitive data?
The consequences of exposing personal data to companies will also vary and can be relatively minor to catastrophic, depending on the amount of data leaked, its sensitivity and the degree of your company’s negligence. Read more about the consequences here.
Do this to protect your data
A tool for data discovery can help you organise your files and protect the sensitive personal data you have stored. It can help you with the following:
- Find out where all your data is stored
- Classify data by its sensitivity/risk level, type and format
- Choose and implement effective and compliant security controls
- Create accurate Data Privacy Impact Assessments
- Report personal data breaches and security incidents on time
- Continuously monitor your risk level and assess the impact of your data processing activities
- Keep documentation and create audit reports to comply with other legal requirements
Learn more about protecting privacy data here.
The smart way to protect sensitive personal data
We have developed the Data Discovery tool DataMapper to easily find, map and continuously monitor sensitive data.