What is GDPR Special Category Data?

The General Data Protection Regulation becomes law in every European Union State on May 25. This legislation is aimed at protecting the personal data of all European Union citizens—around the globe. GDPR has a direct effect in all EU member states. Regardless of where your business, organization, or enterprise exists, you must ensure it complies if it employs and/or does business with any EU citizens.

What is the GDPR Special Category Data?

Special category is personal data which is deemed more ‘sensitive”. This data requires extra protection and/or heightened security measures.

When special category data is processed it must be identified under Article 6. Its special handling is outlined in Article 9.

According to the new regulations set down by GDPR, special category data is sensitive personal data that was originally stipulated under the 1998 Act.

However, the new GDPR also includes such generic data as biometric data. Special category data also includes personal data about criminal offences and convictions.

What are the Conditions?

Any business that falls under the GDPR must have a clearly outlined process for handling special category data.

What’s different about special category data? It now includes such sensitive information as:

  • Race and ethnicity
  • Genetics
  • Sexual orientation
  • Religion
  • Political information
  • Membership of a trade union
  • General health

Why is This Data Considered Sensitive?

Any or all of the above data might affect individual rights and freedoms.

Knowledge of the above might be used for discrimination.

How Can I Designate Information as Special Category?

Those who deem any data to be special category may apply for such designation. If not, you are giving consent to its processing and use as outlined by the collecting business or agency.

There must be appropriate safeguards of the collection, storage, use and disposal of the data. The data may not be made public unless specified and agreed upon by the data collector and the subject.

Data can only be used if the information poses a threat to member states and/or other EU citizens.

This might include health and safety.