Sensitive Personal Data is any data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or sex life.
Sensitive Personal Data can be found in many different places including medical records, insurance claims, and medical research.
The GDPR requires you to consider whether any Personal Data you process is Sensitive Personal Data before you collect it. If it is, then you need to make sure you have a lawful basis for collecting and using that information under the GDPR.
Sensitive Personal Data Categories
Sensitive personal data are classified into two categories: Special Categories of Personal Data (SCPD) and Pseudonymised Personal Data (PPD).
Special Categories of Personal Data (SCPD) are sensitive personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership.
Pseudonymized Personal Data (PPD) is sensitive personal data that is processed in such a way that it can no longer be attributed to a specific individual without the use of additional information which is kept separately and subject to technical and organizational measures to ensure non-attribution.