MODULE CONTENT
This module explores the classification of different types of data defined by the GDPR, including non-personal, personal and sensitive data. It explains how these categories are protected by the GDPR and the strict rules governing their processing. The module also stresses the importance of protecting sensitive data and the conditions necessary for its processing, while emphasizing that personal data reveals intimate aspects of our identity and must be protected.
LEARNING OBJECTIVES
Personal data under the LGPD
The LGPD, the Brazilian Personal Data Protection Act, distinguishes several categories of data that need to be protected at different levels. These categories include non-personal data, personal data and sensitive data.
Non-personal data does not require specific protection under the LGPD. They include, for example, company-related information, such as a company's generic e-mail address or general product data.
Personal data, on the other hand, is any information relating to an identified or identifiable natural person. This includes information enabling direct identification, such as a name or photo, or indirect identification, such as a combination of data including date of birth, IP address, telephone number or consumer habits. Such personal data is protected by strict principles under the GDPR.
Lastly, certain sensitive personal data deserves enhanced protection. This concerns information relating to racial or ethnic origin, religious beliefs, political opinions, health, sex life, as well as genetic or biometric data. The processing of such sensitive data is subject to stringent conditions, requiring the explicit consent of the data owner or compliance with specific criteria laid down by law, such as compliance with a legal obligation.
The protection of personal and sensitive data is essential to guarantee the privacy of individuals, as these data reveal intimate aspects of their identity and private life.