Sensitive data
Sensitive data is a special category of personal data under the GDPR.
The following types of information fall under this definition:
- health data
- racial or ethnic origin
- religious beliefs
- sexual orientation
- trade-union memberships
- political opinions
- biometric data
As a Data controller, you must meet the following conditions in order to process sensitive data:
- You must obtain user consent
- The processing is necessary to protect the vital interests of the data subject when one is unable to give consent
- The data subject has revealed the sensitive data publicly
- It is necessary for claims or in a legal process
- Processing the data for reasons of substantial public interest on the basis of EU or national law
- You are processing the data for preventive or occupational medicine
- The processing is required for public health reasons – preventing epidemics, etc.
For more details we recommend reading this article prepared by the European Commission.
What’s more, such data requires special protection from unauthorized access to ensure that the privacy and security of both individuals and companies is properly guarded. You can read about this here.
September 29, 2022
Piwik PRO meets the SOC 2 standard
We are proud to announce that, after a year of hard work, Piwik PRO Analytics Suite is now SOC 2 type II-certified.External auditors have confirmed that Piwik PRO Analytics Suite services delivered from Microsoft Azure fulfill the commitments and system requirements based on the trust principle of security. Piwik PRO Analytics Suite’s framework of controls examined […]
Read more
September 22, 2022
Denmark's data protection authority says Google Analytics is illegal under GDPR
In recent months, we’ve seen a domino effect of decisions by European data protection authorities (DPA) concerning Google Analytics (GA). On January 12, 2022, the Austrian DSB released its ruling in the case of an unnamed German web publisher. The regulator stated that working with Google Analytics to collect data on EU residents is unlawful under […]
Read moreOther definitions
Recent posts from Piwik PRO blog
- Piwik PRO meets the SOC 2 standard
- Denmark’s data protection authority says Google Analytics is illegal under GDPR
- CCPA & CPRA: 5 actionable steps marketers should follow to comply with the Californian laws
- PIPEDA & CPPA: How the Canadian privacy laws impact your analytics [Updated]
- Why you should perform a mid-year digital marketing review