Sensitive personal data is personal data associated with an individual’s privacy rights that, when violated, will directly affect the individual’s legitimate rights and interests. The implementation of activities related to the processing of sensitive personal data must strictly comply with the law to ensure the consent, legitimate rights and interests of the data subject. So, what is the issue of sensitive personal data and what are the responsibilities of the Data Processor?
1. Sensitive personal data
Personal data refers to electronic information in the form of symbols, letters, numbers, images, sounds, or equivalences associated with an individual or used to identify an individual. The personal data includes general personal data and sensitive personal data.
Sensitive personal data refers to personal data in association with individual privacy which, when being infringed, will directly affect an individual’s legal rights and interests, including:
– Political and religious opinions;
– Health condition and personal information stated in health record, excluding information on blood group;
– Information about racial or ethnic origin;
– Information about genetic data related to an individual’s inherited or acquired genetic characteristics;
– Information about an individual’s own biometric or biological characteristics;
– Information about an individual’s sex life or sexual orientation.
– Data on crimes and criminal activities collected and stored by law enforcement agencies;
– Information on customers of credit institutions, foreign bank branches, payment service providers and other licensed institutions, including: customer identification as prescribed by law, accounts, deposits, deposited assets, transactions, organizations and individuals that are guarantors at credit institutions, bank branches, and payment service providers;
– Personal location identified via location services;
– Other specific personal data as prescribed by law that requires special protection.
2. Determination of the sensitive personal data processor
Sensitive personal data processor refers to an organization or individual that processes sensitive data on behalf of the personal data controller via a contract or agreement with the personal data controller.
>> PENALTIES FOR TRADE AND PRODUCTION OF FAKE COSMETICS https://linconlaw.vn/penalties-for-trade-and-production-of-fake-cosmetics/
>> REPORT ON PERSONAL DATA PROCESSING, WHAT ARE THE RESPONSIBILITIES OF ENTERPRISES? https://linconlaw.vn/report-on-personal-data-processing-what-are-the-responsibilities-of-enterprises/
3. Responsibilities of the sensitive personal data processor
– To apply basic personal data protection measures, to:
+ Apply management measures and technical measures related to personal data processing;
+ Develop and promulgate regulations on personal data protection, clearly stating what needs to be done.
+ Encourage the application of personal data protection standards appropriate to the fields, industries, and activities related to personal data processing.
+ Check network security for systems and means and equipment serving personal data processing before processing, irreversibly deleting or destroying devices containing personal data.
+ Designate a department with the function of protecting personal data, designate personnel in charge of protecting personal data, and exchange information about the department and individual in charge of protecting personal data with the specialized agency. responsible for protecting personal data.
+ Notify the data subject that the data subject’s sensitive personal data is processed, unless otherwise specified.
– Only receive sensitive personal data after having a contract or agreement on data processing with the personal data controller.
– Process personal data in accordance with the contract or agreement signed with the personal data controller.
– Fully implement personal data protection measures according to regulations.
– Be responsible to the data subject for damages caused by the processing of sensitive personal data.
– Delete and return all sensitive personal data to the personal data controller after finishing data processing.
– Cooperate with the Ministry of Public Security and competent authorities in protecting personal data and providing information serving investigation and handling of violations against the law on protection of personal data.
Legal basis:
- Decree 13/2023/ND-CP on personal data protection promulgated on April 17, 2023.
𝐋𝐈𝐍𝐂𝐎𝐍 𝐋𝐀𝐖 𝐅𝐈𝐑𝐌 – 𝐒𝐮𝐬𝐭𝐚𝐢𝐧𝐚𝐛𝐥𝐞 𝐜𝐨𝐨𝐩𝐞𝐫𝐚𝐭𝐢𝐨𝐧
- In Hanoi: 4F Sudico Tower, Me Tri street, My Dinh 1 ward, Nam Tu Liem district, Hanoi city.
- In HCMC: 272 Do Phap Thuan, An Phu ward, Thu Duc city, Ho Chi Minh city.
- Website: http://linconlaw.vn/
- Email: Lawyer@linconlaw.vn
- Facebook: https://www.facebook.com/Linconlawfirmm
- Linkedln: linkedin.com/in/lincon-law-firm-100b96201
- Hotline: +84.987.733.358