> For the complete documentation index, see [llms.txt](https://docs.assenteo.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.assenteo.com/sensitive-and-large-scale-data-processing/sensitive-data-collection.md).

# Sensitive Data Collection

### Is your business collecting sensitive data?

Certain types of data afford special protections under data protection legislation such as the GDPR, HIPAA, FERPA and COPPA.&#x20;

If your business collects health data or children’s data it is very likely to be subject to additional legal obligations.&#x20;

Data about racial or ethnic origins, political opinions, religious or philosophical beliefs, genetics, biometrics and sex life or sexual orientation also hold additional protections under the GDPR. Careful attention to these is necessary in order to maintain regulatory compliance and avoid penalties.&#x20;

### Why does this matter?

The principles of GDPR apply significantly more strictly if your business is processing sensitive data, or ‘special category data’. There are also more limited grounds for the legal processing of special category data. For example, it is far more likely your business will need to get explicit consent from your user before it processes their data if that data is special category data. It is a good idea to seek advice from your DPO or a Privacy Partner before performing any action on the personal data of your users. <br>

Non-compliance also presents financial ramifications. For example, if you collect special category data in the EEA and your business without additional technical and organisational safeguards for special category data, it could be fined up to €20 million, or 4% of worldwide annual turnover (whichever is higher). For example, in the Netherlands in 2024, Clearview AI was fined €30.5 million for unlawfully collecting and processing biometric data without explicit consent. Penalties can also include a ban on processing, regular data protection audits and liability damages to affected users.&#x20;

<br>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.assenteo.com/sensitive-and-large-scale-data-processing/sensitive-data-collection.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.