Sensitive Personal Data
Categories of personal data that warrant heightened protection due to the elevated risk of harm if misused.
Full Definition
Sensitive Personal Data refers to categories of personal data that carry higher privacy risks and therefore attract stricter protection under data protection laws. Under GDPR Article 9, special categories include: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life, and sexual orientation. Processing these categories requires explicit consent or another specific lawful basis. India's DPDP Act uses the concept of personal data that may be notified as requiring additional protection. The CPRA, which amended the CCPA, introduced a 'sensitive personal information' category with opt-out rights. Organisations must identify all sensitive data they hold and apply additional controls to it.
Related terms
Personal Data
Any information that relates to an identified or identifiable natural person.
DPIA
Data Protection Impact Assessment — a systematic process to identify and minimise privacy risks in new processing activities.
Lawful Basis
A legal justification under GDPR for processing personal data — one of six bases must apply before processing can begin.