What is the difference between personal data and privacy-sensitive information?
The GDPR is a hot topic. Due to all messages in the media, many myths circulate about this topic. A frequently-heard comment is: but it is related to privacy, and so it is forbidden under the GDPR anyway, right? To understand correctly what the law requires and what are the reasons for that, you should know what personal data are and how this differs from privacy-sensitive information. We will explain this to you in this blog.
The GDPR is about personal data - What are they?
According to the Dutch Personal Data Protection Act of 2016, personal data means ‘any information relating to an identified or identifiable natural person’. This means that the information is directly about a person, or can be traced back to this person. Think of a person’s name, (email) address, telephone number, passport photo or fingerprints. It must be information of a natural person, so information about deceased persons or organisations does not count as personal data. There are special personal data as well. These are data that are particularly sensitive, processing them can seriously affect someone’s privacy. These data are additionally protected by law. Examples of this are data regarding someone’s health, race, religion, criminal record, sexual life or membership of a trade union. The Citizen Service Number is a special personal data as well, since it is a unique number that can be traced back to a person.
What about privacy - Which data are considered privacy-sensitive?
But what are privacy-sensitive data? These can be personal data, but there are many more types of information that are considered privacy-sensitive. For example, information on organisations. This information is not about an identifiable natural person, but it is valuable indeed, and you do not want to share it with the whole world. After all, privacy is about ‘deciding yourself who will get which information about you’. And what about sales records or take-over plans: when they fall into the wrong hands, this can be damaging to a company. Even something as simple as a confirmation of a hospital appointment need not be seen by everyone. So you must be very careful with both personal data and privacy-sensitive data.
Privacy and the GDPR - It is all about awareness
The GDPR only deals with personal data. Organisation are now compelled to protect these data demonstrably well and to have control over the protection. However, this does not mean that organisations should solely focus on the protection of personal data. The GDPR has precisely been prepared to raise awareness concerning sensitive data. A lot of information that is not categorised as personal data, should not fall into strange hands either, and therefore must be handled with care. It is crucial that the organisation’s employees have a broad sense of privacy awareness. Do they know the difference between personal data and privacy-sensitive data, and can they recognise such data? Do they know how to protect these data best? Our e-book gives you tips on how to help your employees become aware of safe data-processing.
Some organisations are already GDPR compliant, others still have work to do to meet the legal requirements. To achieve this, a set of technical and organisational measures is required. There are many step-by-step plans on the Internet to help you with these measures. It is even more important yet to raise the awareness among your organisation’s employees. This is very […]