OneTrust Certified Privacy Professional Practice Exam

Under the General Data Protection Regulation (GDPR), 'sensitive' data is classified as special categories of personal data that require more stringent protections due to the potential risks to individuals' rights and freedoms. This special category includes data related to health, which encompasses medical records, genetic data, and details regarding an individual's physical or mental health. Additionally, sexual orientation data is also regarded as sensitive since it pertains to characteristics intrinsic to a person's identity.

The consideration of health and sexual orientation data as sensitive is grounded in the potential for misuse or discrimination based on this information. Because such data can reveal deeply personal aspects of an individual's life, it is essential to have strict regulations in place governing its collection, processing, and storage.

In contrast, general contact information, financial details, and employment history, while also personal data, do not fall under the stricter criteria for special categories outlined in GDPR. These categories are not considered sensitive in the same way that health and sexual orientation data are, and therefore, do not require the same level of protection.