What qualifies as "sensitive personal data" under GDPR?

Under the General Data Protection Regulation (GDPR), "sensitive personal data" is categorized into specific types that require additional protection due to their nature and the potential for harm if misused. This includes data that reveals a person's racial or ethnic origin, which is one of the special categories of personal data identified by the GDPR. Other categories include data related to health, political opinions, religion, and sexual orientation.

Given this context, the identification of racial or ethnic origin as sensitive personal data is crucial because it directly pertains to aspects of individual identity that can lead to discrimination or stigmatization. The GDPR imposes stricter conditions for processing such sensitive personal data to ensure that individuals' fundamental rights and freedoms are safeguarded.

In contrast, details like a person's favorite color, purchase history, or general demographic data do not fall under the classification of sensitive personal data. These types of information are considered part of regular personal data, which doesn't carry the same level of risk or require enhanced protection under GDPR.