A visual map of the processes involved in responding to a Data Subject Access Request. Useful for handling requests, planning processing activities, or making your own request.
Special, Sensitive, Confidential Table
Unless you're a data protection geek, you've probably never given much thought to the differences between 'special category personal data', 'sensitive' and 'confidential' information. I am a data protection geek, so this is the sort of thing I think about often.
In my time, I have encountered a number of boggles which have originated from confusion between 'special', 'sensitive' and 'confidential'. It's common for these terms to be used interchangeably, and in casual conversation there's nothing wrong with that (she says through gritted teeth).
However, when setting policy, writing procedures, designing or configuring systems, it's important to be accurate and precise about this sort of thing. Muddling up these three terms can cause problems later down the line - whether that's not having appropriate controls in place, or spending time/money/effort that wasn't actually necessary at all.
Not sure what the differences are? Well, you've come to the right place - here's a PDF with side-by-side comparison and a few examples for you to print and hang on the wall
Figure out whether you need to ask for consent or not before dropping that cookie on site visitors/app users