Expert Advice Community

Guest

GDPR and sensitive data

  Quote
Guest
Guest user Created:   Aug 07, 2019 Last commented:   Aug 07, 2019

GDPR and sensitive data

EU representative, whether DOB and diagnosis of a disease constitute sensitive data under GDPR, whether we need DPIA and PIA before launching a new web-based platform.
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Andrei Hanganu Aug 07, 2019

Answer:

Date of birth is not special category data as defined under the GDPR, however, health data is, and in this case if you are collecting and processing personal data you need to perform a DPIA. Also note that PIA and DPIA are the same thing.

If you want to get more insight into DPIAs check out this webinar: Seven steps of Data Protection Impact Assessment (DPIA) according to EU GDPR https://advisera.com/eugdpracademy/webinar/seven-steps-of-data-protection-impact-assessment-dpia-according-to-eu-gdpr-free-webinar-on-demand/
Quote
0 0
Guest
pria Aug 07, 2019
Thank you!! This is helpful.
Quote
0 0
Guest
pria Aug 07, 2019
What constitutes "processing of health info"? What info should a company have to figure out whether GDPR applies to them?
Quote
0 0
Expert
Andrei Hanganu Aug 08, 2019
1. “Data concerning health” or "health information" is defined by the GDPR as “personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.”

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

2. The GDPR primarily applies to businesses established in the EU. It will also apply to businesses based outside the EU that offer goods and services to, or monitor, individuals in the EU.

You can gain more insight into the EU GDPR by checking out our free EU GDPR Foundations Course https://training.advisera.com/se/eu-gdpr-foundations-course//
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Aug 07, 2019

Aug 08, 2019

Suggested Topics

Guest user Created:   Apr 14, 2021 EU GDPR
Replies: 1
0 0

GDPR and DPA Genome/Sensitive data

Guest user Created:   Nov 30, 2020 EU GDPR
Replies: 1
0 0

Data sharing

Guest user Created:   May 03, 2018 EU GDPR
Replies: 1
0 0

Dropbox