The GDPR defines personal data as any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation are classified as special categories of personal data (sensitive data) and are prohibited from processing without a proper legal basis and the appropriate technical and organisational safeguards.
In the GDPR compliance app's data mapping, you will be prompted to select a legal basis wherever you indicate that you process sensitive data.
The content herein is provided for your convenience and does not constitute legal advice.
Compliance Technology Solutions B.V. 2018