Sensitive data is a special category of personal data under the GDPR.

The following types of information fall under this definition:

  • health data
  • racial or ethnic origin
  • religious beliefs
  • sexual orientation
  • trade-union memberships
  • political opinions
  • biometric data

As a Data controller , you must meet the following conditions in order to process sensitive data:

  • You must obtain user consent
  • The processing is necessary to protect the vital interests of the data subject when one is unable to give consent
  • The data subject has revealed the sensitive data publicly
  • It is necessary for claims or in a legal process
  • Processing the data for reasons of substantial public interest on the basis of EU or national law
  • You are processing the data for preventive or occupational medicine
  • The processing is required for public health reasons – preventing epidemics, etc.

For more details we recommend reading this article prepared by the European Commission.

What’s more, such data requires special protection from unauthorized access to ensure that the privacy and security of both individuals and companies is properly guarded. You can read about this here.


  • PHI and PII

    PHI and PII: How they impact HIPAA compliance and your marketing strategy

    Personally identifiable information (PII) and protected health information (PHI) may seem similar. However, there are critical distinctions between the two. While PII is a catch-all term for any information that can be associated with an individual, PHI applies specifically to HIPAA-covered entities dealing with identifiable patient information. Keeping HIPAA compliant and protecting patient information requires…

  • How can healthcare organizations benefit from using a customer data platform (CDP)

    Like many industries, healthcare has been undergoing significant change and is under immense pressure. Patients expect personalized healthcare experiences, but are increasingly aware of their privacy rights and demand that their data is safe and not misused. Healthcare providers have been seeking ways to connect, scale, and leverage customer data more effectively to meet consumers’…