What is the difference between personal data and privacy-sensitive information?

The GDPR is a hot topic. Due to all messages in the media, many myths circulate about this topic. A frequently-heard comment is: but it is related to privacy, and so it is forbidden under the GDPR anyway, right? To understand correctly what the law requires and what are the reasons for that, you should know what personal data are and how this differs from privacy-sensitive information. We will explain this to you in this blog.

The GDPR is about personal data - What are they?

According to the Dutch Personal Data Protection Act of 2016, personal data means ‘any information relating to an identified or identifiable natural person’. This means that the information is directly about a person, or can be traced back to this person. Think of a person’s name, (email) address, telephone number, passport photo or fingerprints. It must be information of a natural person, so information about deceased persons or organisations does not count as personal data.
There are special personal data as well. These are data that are particularly sensitive, processing them can seriously affect someone’s privacy. These data are additionally protected by law. Examples of this are data regarding someone’s health, race, religion, criminal record, sexual life or membership of a trade union. The Citizen Service Number is a special personal data as well, since it is a unique number that can be traced back to a person.

What about privacy - Which data are considered privacy-sensitive?

But what are privacy-sensitive data? These can be personal data, but there are many more types of information that are considered privacy-sensitive. For example, information on organisations. This information is not about an identifiable natural person, but it is valuable indeed, and you do not want to share it with the whole world. After all, privacy is about ‘deciding yourself who will get which information about you’. And what about sales records or take-over plans: when they fall into the wrong hands, this can be damaging to a company. Even something as simple as a confirmation of a hospital appointment need not be seen by everyone. So you must be very careful with both personal data and privacy-sensitive data.

Privacy and the GDPR - It is all about awareness

The GDPR only deals with personal data. Organisation are now compelled to protect these data demonstrably well and to have control over the protection. However, this does not mean that organisations should solely focus on the protection of personal data. The GDPR has precisely been prepared to raise awareness concerning sensitive data. A lot of information that is not categorised as personal data, should not fall into strange hands either, and therefore must be handled with care. It is crucial that the organisation’s employees have a broad sense of privacy awareness. Do they know the difference between personal data and privacy-sensitive data, and can they recognise such data? Do they know how to protect these data best? Our e-book gives you tips on how to help your employees become aware of safe data-processing.

Download the ebook


Work from home securely by following these simple tips

The battle against the Coronavirus has entered a new phase. Many governments have asked employees - if at all possible - to work from home to prevent further spreading of the virus. Working from home sounds appealing to most people: no rush getting to the office, working in your pajama pants, always your favorite coffee at hand. It is fortunate that many organizations […]

Read more

Improve your Office 365 security with ZIVVER

Prevent data leaks, improve compliance and save on costs when you combine the flexibility of Office 365 with the enhanced security of ZIVVER!  Did you know that Office 365 is the most popular cloud-based office solution used by enterprises across the globe today? There are currently over 180 million subscribers worldwide and growing. Office 365 has achieved this market […]

Read more

The secret to thwarting data leaks? Securing your outbound email.

Did you know that over 160,000 data breaches have been reported across the EU since the General Data Protection Regulation (GDPR) came into force in May 2018? That amounts to hundreds of incidents every single day. While some of these data breaches generate headlines, such as the massive Marriott International or British Airways incidents (currently under appeal), the […]

Read more
Data_Breach_vs. Data_leak_explained_zivve_blog_en

Data breach vs. Data leak explained

You probably remember when Facebook's founder Mark Zuckerberg testified before the American Congress and UK lawmakers regarding the Cambridge Analytica data leak scandal. The political consulting firm harvested raw data from 87 million Facebook profiles while working for Donald Trump's presidential campaign in 2016. You might also recall the massive data breach […]

Read more
Encryption for Beginners_locks_ZIVVER_email

Encryption for Beginners 1: (A)symmetric encryption

Most people don't realize how easily an email can be sent to the wrong recipient. A typo in the address, a mistake in the configuration of a server, the wrong name selected from the automatic address book: they are all simple and common mistakes. In addition to the human error element, there is always a risk that hackers could compromise the mail server of a provider […]

Read more

Cybersecurity Awareness Month: Email and File Transfer Security

When people think about email security, they typically associate it with widely reported hacking incidents, often nefarious in nature. These breaches tend to be higher in profile for a multitude of reasons, but actually account for a lower percentage of data breaches overall. For many organizations, the biggest threat to protecting privacy-sensitive data simply comes […]

Read more