18 09 2018
The GDPR aims to modernize the European legal system related to data protection, strengthen the rights of individuals, and improve clarity and coherence of the European regulation.
That is why it is important to highlight that there are data that due to their relevance and importance for privacy should be treated and stored with greater care and fulfilling a series of requirements. Not all personal data are equal before the regulation.
This data is known as sensitive or specially protected data. The GDPR makes a clear distinction between sensitive and non-sensitive personal data.
Let’s explain what are “personal data” in terms of law. Personal data refer to everything that contains:
The GDPR makes a clear distinction between direct identification information and pseudonymized data. The GDPR encourages the use of pseudonymized information and expressly states that “the use of pseudonymization in personal data may reduce the risk associated with data management and help controllers and processors to comply with their data protection obligations”.
Pseudonymization does not imply a complete anonymization or complete dissociation of the data or the impossibility of reversion of the same, since there is always the possibility of identifying the party concerned through additional information. Unlike anonymization, it is considered as personal data by the GDPR.
This process is intended to ensure greater respect to privacy of those affected, since despite personal data considered, the controller limits the access to certain authorized persons, and therefore minimizes the risk in the processing.
The Regulation establishes in Article 9 the special categories of data that refer to sensitive data that require special protection, since by their nature or by the relation they have with the rights and fundamental freedoms of individuals, and they are subject to specific provisions when their processing could imply high risk in data protection.
This new European regulation considers sensitive data those referring to:
The GDPR establishes by default the prohibition of processing of these categories of sensitive data with specific exceptions:
Pridatect can help you with the GDPR adaptation of your clients. Contact us for more information!