What is the difference between personal data and privacy-sensitive information?

The GDPR is a hot topic. Due to all messages in the media, many myths circulate about this topic. A frequently-heard comment is: but it is related to privacy, and so it is forbidden under the GDPR anyway, right? To understand correctly what the law requires and what are the reasons for that, you should know what personal data are and how this differs from privacy-sensitive information. We will explain this to you in this blog.

The GDPR is about personal data - What are they?

According to the Dutch Personal Data Protection Act of 2016, personal data means ‘any information relating to an identified or identifiable natural person’. This means that the information is directly about a person, or can be traced back to this person. Think of a person’s name, (email) address, telephone number, passport photo or fingerprints. It must be information of a natural person, so information about deceased persons or organisations does not count as personal data.
There are special personal data as well. These are data that are particularly sensitive, processing them can seriously affect someone’s privacy. These data are additionally protected by law. Examples of this are data regarding someone’s health, race, religion, criminal record, sexual life or membership of a trade union. The Citizen Service Number is a special personal data as well, since it is a unique number that can be traced back to a person.

What about privacy - Which data are considered privacy-sensitive?

But what are privacy-sensitive data? These can be personal data, but there are many more types of information that are considered privacy-sensitive. For example, information on organisations. This information is not about an identifiable natural person, but it is valuable indeed, and you do not want to share it with the whole world. After all, privacy is about ‘deciding yourself who will get which information about you’. And what about sales records or take-over plans: when they fall into the wrong hands, this can be damaging to a company. Even something as simple as a confirmation of a hospital appointment need not be seen by everyone. So you must be very careful with both personal data and privacy-sensitive data.

Privacy and the GDPR - It is all about awareness

The GDPR only deals with personal data. Organisation are now compelled to protect these data demonstrably well and to have control over the protection. However, this does not mean that organisations should solely focus on the protection of personal data. The GDPR has precisely been prepared to raise awareness concerning sensitive data. A lot of information that is not categorised as personal data, should not fall into strange hands either, and therefore must be handled with care. It is crucial that the organisation’s employees have a broad sense of privacy awareness. Do they know the difference between personal data and privacy-sensitive data, and can they recognise such data? Do they know how to protect these data best? Our e-book gives you tips on how to help your employees become aware of safe data-processing.

Download the ebook

shutterstock_274821560 (1)

How to make your employees aware of the importance of secure information processing

Some organisations are already GDPR compliant, others still have work to do to meet the legal requirements. To achieve this, a set of technical and organisational measures is required. There are many step-by-step plans on the Internet to help you with these measures. It is even more important yet to raise the awareness among your organisation’s employees. This is very […]

Read more
shutterstock_675065458 (1)

Data and human errors: Where does it go wrong?

People make a mistake every 200-20,000 actions. So when humans play a role in a system, it is very likely they make mistakes. Like writing ‘2017’ for instance, when it should be ‘2018’, forgetting their keys, calling somebody by the wrong name. These things happen, after all, you cannot make an omelette without breaking eggs. Most people spend a large part of their […]

Read more

The 3 most important things you need to account for in order to become GDPR compliant

The General Data Protection Regulation (GDPR) is a European law that protects the privacy of European citizens on the one side and helps to create awareness in processing personal information on the other. Thanks to GDPR, CISO’s like you have a lot of extra work to do. The amount of administrative proceedings that result from the GDPR is huge, your organisation […]

Read more
Untitled design

4 misconceptions about safe email

The European General Data Protection Regulation (GDPR) made the topic of privacy protection an important agenda item for every company. Almost all the time, risk analysis brings up email traffic as a very risky part. In the meantime however, I often encounter organisations that are pretty sure in their statement that the have their email traffic safe and under control. […]

Read more