Does my organisation store and collect personal data?
Personal data can fall into two categories, ‘Personal Data’ and ‘Special Category Data’ (sometimes known as ‘sensitive personal data’):
Personal Data is any information that can be used to directly identify an individual, or information that can be used to identify an individual in combination with other information. Examples include name and surname, personal email address and an individual’s National Insurance number.
Special Category Data are considered to be more sensitive and likely to cause harm to the individual, and therefore can only processed in more limited and tightly controlled circumstances. Examples include information about an individual’s sexuality, their political opinions, race and ethnicity, medical history and biometrics.
If the data you store sounds like any of these, you must adhere to the Data Protection Act 2018 and the GDPR.