Sensitive data: A GDPR sensitivity
In principle, sensitive data cannot be collected. However, there are exceptions to this rule, and they require special security.
According to the CNIL, sensitive data is any “Information concerning:
- racial or ethnic origin,
- political, philosophical or religious opinions,
- trade union membership,
- health or sex life.
In principle, sensitive data can only be collected and used with the individual's explicit consent.”
Nota bene on "philosophical opinion": an opinion is a sentiment, a judgement, whereas philosophy concerns all conceptions of the principles of beings and things, the role of man in the universe, God, history and, in general, all the great problems of metaphysics.
- In other words, and in short, it is anything that allows you to determine a person's opinions on the concepts that surround us and that make us (humanity, things, metaphysical problems, universe, God…)
Processing sensitive data
As a matter of principle, it is prohibited to collect such data.
But as everyone knows, there are exceptions to every principle…
Exceptionally, you may collect this data provided your situation corresponds to one of the following:
- You have obtained express consent from the person concerned, that is, written, clear and explicit consent. In other words, you have obtained unambiguous consent.
- These data are necessary for a medical purpose or for research related to the health field. For example, it is necessary to know a person’s blood type in order to treat them.
- The use that you make of these data is of public interest or authorized by the CNIL.
- The sensitive data concerns a member or adherent of an association or organization of a religious, philosophical, political or trade union nature.
Only in these four cases will you be allowed to be in possession of sensitive data.
WARNING: are you in possession of data relating to criminal offences? Although the law does not classify them directly as sensitive data, they are subject to the same protection. Be careful!
Sensitive data: to-do list
Beyond the complexity of collecting these data, note that once they have been collected, they must benefit from special security.
To-do list if you have sensitive data:
- MANDATORY implementation of a PIA (Privacy Impact Assessment)
- Establishment of adequate protection for this category of data