DASTRA
English
English
  • What is Dastra
  • 🇪🇺USEFUL REMINDERS
    • What is GDPR ?
    • GDPR key concepts
      • Personal data
      • Record of processing activities (ROPA)
      • Privacy impact assessment
      • Data retention period
      • Data Subject Rights (DSR)
      • Privacy by design and by default
      • Security measures
      • Data breach notifications
    • Risk management
      • Definition of risks
      • Risk assessment
      • Vendor risk management
  • 🧑‍🎓GETTING STARTED
    • Setting up
      • Create and set up a workspace
      • Create and set up organizational units
      • Appointing a DPO
      • Add a lead authority
      • Invite users
      • Managing roles and permissions
      • Create and assign teams
      • Frequently asked questions
    • Tutorial
      • Step 1: Setting up
      • Step 2: Map your personal data processing and draw up a register
      • Step 3: Managing risks
      • Step 4: Prioritize actions
      • Step 5: Implement internal processes
      • Step 6: Document compliance
    • Support
      • The dastronaut's assistant
      • Online help
      • Request support
      • The customer support process
  • ⚙️Features
    • Dashboard
    • General
      • Advanced Filters
      • Import your data (Excel, Csv)
      • Tag management
      • Custom fields
      • AI Assistant
      • Email templates
    • Data Mapping
    • Record of processing activities
      • "Data controller" record
      • "Data processor" record
      • Establish your record
      • Export / import the record
      • Use a processing activity template
      • Declare a processing activity
      • Complete a data processing activity
        • General information
        • Stakeholders
        • Purposes
        • Dataset
        • Assets
        • Data subjects
        • Data subjects rights (DSR)
        • Recipients
          • Data transfers outside the EU
        • Security measures
        • Impact analysis
        • Documentation
      • Create relationships between processing activities
      • Processing freshness
      • Share the record of processing
      • Data visualization
        • View the treatment tree
        • View the record data map
        • View the transfers map
      • Frequently asked questions
    • Audits and DPIA
      • Create or modify an audit template or DPIA
      • Scheduling an audit or a PIA
      • Share an audit report or PIA
      • FAQ
    • Privacy hubs
      • Create a Privacy hub
      • Configure your Privacy hub
        • Homepage and general configuration
        • Questionnaires
        • Data subject requests
        • Record of processing activities
        • Attachments
        • Organizational chart
        • Contacts
        • Security
        • Appearance and design
      • Preview and share your privacy hub
      • Collecting data processing projects from a Privacy hub.
    • Contracts
      • Declare a Contract
      • Structure of a contract
      • Documents
      • Assets
      • Signers
      • Linked users
      • Sign the contract
      • Docusign integration
      • Contract versions
      • Contract templates
    • Risk management
      • Glossary of terms
      • Risk management process
        • 1. Identification
        • 2. Assess
        • 3. Monitor
        • 4. Control
        • Let's recap
      • Dastra / eBios RM comparison
      • Attach a risk to a processing activity
      • FAQ
    • Planning
      • Create your action plan
      • Create or modify a project or an iteration
      • Monitor, screen or export your tasks
      • Customise the task workflow
      • Share as calendar
      • Customise the task workflow
      • Go further with planning
      • FAQ
    • Data subject right request
      • Manage data subject right requests
      • Set up a data subject right request widget
      • Technical integration
      • API integration
    • Manage data breach notifications
      • Report a data breach
      • Export your data breach notifications
    • Manage cookies consent
      • Widget configuration
        • Preliminary study
        • Cookies scanning
        • Classify cookies by consent categories
        • The purposes of cookies
        • Implement a cookie consent widget
        • Collect proof of cookie consent
        • Go further on cookie consent
        • In case of unavailability
      • Technical integration
        • Functioning of the widget
        • Quick start
          • Wordpress
        • Language management
        • Test the integration of a widget
        • Blocking cookies
          • Blocking iframes (twitter/youtube...)
          • Google Tag Manager
        • Advanced Design
        • Manage consent programmatically
        • User identification
        • Mobile applications
          • Hybrid applications
          • Native applications
        • TCF 1.1/2.0
      • RGAA compliance
      • Breakdown service
    • Regular review (freshness)
    • Custom Reporting
      • Integration with data analysis tools (BI)
    • AI Systems
      • Establishing a record of AI systems
      • Risk analysis and business value
      • Transparency notice
      • AI Models repository
    • Advanced configuration
      • SCIM
      • Roles and permissions
      • Single Sign On (SSO)
        • SAML 2
        • OpenId
        • ADFS
        • Active Directory
        • Okta
        • Known problems
      • References
      • API key management
      • Notifications
      • Workflow steps / process flow
      • Incoming mail data collection
      • OneDrive/Google Drive integrations
      • Webhooks
      • SMTP configuration
      • Workflow rules
      • Message templates
      • Email domains
  • PARTNERS
    • Portal
  • 📄API documentation
    • Configuration
    • Authentication
    • API References
    • Integrations
      • Frequently asked questions
  • 🛡️Security
    • Security at Dastra
    • Security roadmap
    • Quality of Service
  • Certifications
  • 🤖Other
    • FAQ
    • Known problems
    • Changelog
  • Referentials
    • CNIL referentials
      • HR referential from CNIL
Propulsé par GitBook
Sur cette page
  • Definition of personal data
  • Categories of personal data
  • Definition of sensitive data
  • For more information

Cet article vous a-t-il été utile ?

  1. USEFUL REMINDERS
  2. GDPR key concepts

Personal data

Learn what personal data is.

Definition of personal data

According to the French CNIL, personal data is any information relating to an identified or identifiable individual.

A natural person can be identified:

  • either directly (example: surname and first name)

  • or indirectly (example: telephone number, social security number, email or postal address, but also voice and image)

The identification of a natural person can be carried out:

  • from a single data (example: name)

  • from the cross-referencing of a set of data (example: a woman living at such an address, born on such a day and member of such an association)

However, the contact details of the company are not, in principle, personal data (example: generic email company1@email.fr)

Categories of personal data

Categories of personal data are groups of personal data by nature.

There are different types of personal data: identity, family, economic or financial situation, banking data, connection data, location data, etc:

  • Civil status, identity, identification data, images...

  • Personal life

  • Professional life

  • Economic and financial information

  • Connection data

  • Location data

  • Web data

  • Ethnic Origins

  • Political views

  • Religious Beliefs

  • Union membership

  • Genetic data

  • Biometric data

  • Health data

  • Sexual orientation

  • Data relating to offences, criminal convictions or security measures

  • Judicial files, criminal records

  • Other

  • National identification number (NIR)

Definition of sensitive data

Certain categories of data are said to be "sensitive". This is information that reveals:

  • the alleged racial or ethnic origin,

  • political opinions,

  • religious or philosophical beliefs,

  • membership in a union,

  • genetic data,

  • biometric data,

  • data reflecting the sexual orientation of an individual.

An example of sensitive data is fingerprints, which fall under the category "biometric data".

As a matter of principle, the processing of such data is prohibited, with some exceptions.

The EU Regulation prohibits the collection or use of such data, except, in particular, in the following cases:

  • if the person concerned has given his/her express consent (active, explicit and preferably written, which must be free, specific and informed);

  • if informations are clearly made public by the data subject;

  • if informations are necessary for the safeguard of human life;

  • if their use is justified by the public interest and authorized by the data authority;

  • if informations concern the members or adherents of an association or a political, religious, philosophical or trade union organization.

For more information

Dernière mise à jour il y a 2 ans

Cet article vous a-t-il été utile ?

🇪🇺
View the record data map
Dataset