Each week we will be sharing an article on GDPR on the SFA weekly e-zine to help our members prepare. This week we are going to look at the definition of personal data and what are special categories of (sensitive) personal data.
A good first step in conducting your GDPR audit is to determine which data your organisation has. Is it just personal data or both personal and special category data?
This relates to information held either electronically or on paper to a living individual "who is, or can be, identified by that information, including data that can be combined with other information to identify an individual. This can be a very wide definition, depending on the circumstances, and can include data which relates to the identity, characteristics or behaviour of an individual or influences the way in which that individual is treated or evaluated."
In other words, the data must relate to a living person. An e-mail address or their full name is personal data. A telephone number on its own would not be classified as personal data, however, if that number is linked with a name or email address, it then becomes personal data and would be subject to GDPR requirements.
Special categories of (sensitive) personal data:
This relates to sensitive personal information that 'reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation'
This type of data relates to sensitive information that is connected with an individual and under the GDPR requirements this type of data can only be processed for specific purposes which will be discussed in depth in next week’s e-zine.
Ready to start your GDPR checklist? Download it here
If you would like more information on GDPR or to discuss your requirements further please contact Helen at SFA on 01 605 1668 or at firstname.lastname@example.org or visit our GDPR section on www.sfa.ie/advice