The General Data Protection Regulation (GDPR) and Personal Data
The General Data Protection Regulation (GDPR) is a set of data protection rules implemented by the European Union to give individuals greater control over their personal data. It requires businesses to obtain clear consent before collecting personal information, ensures the right to access and erase one's data, and imposes strict regulations on the handling and transfer of personal data to enhance privacy and security for EU citizens.
The GDPR requires encryption to safeguard data during transmission and storage, regular security assessments to identify and address vulnerabilities, and the establishment of strict access controls to limit who can handle sensitive personal data. It also requires organizations such as UC Santa Cruz to take steps to prevent breaches and promptly notify authorities and affected individuals of security incidents.
GDPR and Sensitive Personal Data
The GDPR has special rules for sensitive personal data. Under the GDPR, sensitive personal data includes:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade-union membership
- Genetic data
- Biometric data processed solely to identify a human being
- Health-related data
- Data concerning a person’s sex life or sexual orientation
Sensitive personal data can only be handled with the person's consent or under specific circumstances. See Article 9 of the GDPR for more information.
Resources
- IT Policies
- Data and IT Resource Classification
- Protection Levels for UC Institutional Information
- Security Web Site
- Availability Levels for UC Institutional Information
- IT Policy Glossary
- IS-3: Information Security Policy
- IS-12: IT Recovery Policy
Need Help?
Call: (831) 459-HELP (9-4357)
Email: help@ucsc.edu
