1. Categories of (sensitive) Personal Data under the GDPR
The entire General Data Protection Regulation (GDPR) revolves around the protection of personal data, how personal data can be used and so forth. We will go over what “personal data” is according to the GDPR.
'Personal data’ means any information relating to an identified or identifiable natural person. This person is called 'data subject' (see further). In other words, any information that is clearly about a particular person. But just how broadly does this apply?
According to examples mentioned in the GDPR, the following are considered privacy-related Personal Data:
|Name||Home address||Personal e-mail address|
|Personal phone number||Work phone number||Birthday/age|
|Languages||Place of birth||Nationality|
|National ID card details||Passport details, copy of passport||Copy of ID card|
|Social security number or other national identifiers||Driver’s license details, Copy of driver’s license||Personal information about spouse/partner/children|
|Work permit (foreign employees)||Insurances||Wage/salary|
|Bank account||Credit card details||Education level/diplomas|
|CV/résumé/work experience||(Labour) union membership||Training during employment|
|Evaluation/annual appraisal||Registered work hours/badging log||Leave/holidays|
|Sick days||Personal health/medical info||Criminal convictions/offences|
|Video images from security cameras||Biometrics (finger print, retinal scan)||Pictures/images|
|Data re monitoring of internet use||Data re monitoring of work e-mail use||Data re monitoring of private e-mail use|
|Electronic identification data: IP address, log-in data, cookies, ...||Electronic localization data: cell phone, GPS, ...||Function grid|
|Data on retirement/pension||Date of entry into service||Place of work|
|Working conditions||Sound recordings (e.g. recorded telephone conversations, ...)||Physical data: height, weight, and so on|
|Family composition: information on partner, children, …||Leisure time activities and interests: hobbies, sports, …||Data revealing racial or ethnic origin|
|Political opinions||Data of sex life or sexual orientation||Memberships|
2. Categories of Data Subjects
Next to the different types of 'Personal Data' in GDPR, it's also important to get insights on the Data Subject. We will go over what “Data Subjects” are according to the GDPR.
With Data Subjects, GDPR means 'the natural person which the data enable to identify'.
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier,...
Data Subjects in the context of GDPR exist in different categories:
Potential personnel (job applicants)
Temporary agency workers
Employees’ family members
Customers (contact persons/representatives)
Prospects (contact persons/representatives)
Suppliers (contact persons/representatives)
3. Categories of recipients of Personal Data
Next to the different types of 'Personal Data' and 'Data Subjects' in GDPR, it's useful to know which are the potential recipients of Personal Data. Here's a list about what 'Recipients of Personal Data' are according to the GDPR.
Potential recipients of Personal Data include:
- Temporary Staff
- Sub-contracted processor
- Other recipients in international organisation (...)
- Other recipients within the EU (...)
- Other recipients outside the EU (...)
Want to learn more?
You can find information on the implementation guidelines of the GDPR, like processing principles, security measures, preparations and operations and much more by clicking on the button below.
You can also download our full implementation guide 'A free quick-start guideline for your GDPR implementation' as a PDF document.