Defining Data Categories
In HOPEX Privacy Management, data categories represent categories of personal data.
Proper definition of data categories is crucial to the subsequent description of company processing activities.
To define data categories:
1. Select Key elements > Data Categories.
2. Identify the most common personal data categories used in your business processing activities.
Below are examples of data categories:
- Contact information: name, address and ID numbers.
- Health data: blood type, physical health status
- Biometric data: Fingerprint, speech recognition
- Sensitive data: race, ethnicity, nationality
You can define:
• the Retention period: default value referring to how long the organization usually keeps this type of data. This time lapse should not be longer than necessary for the purposes for which the personal data is processed.
This default value gives an average indication of what the retention period might be. The actual retention period must be redefined on processing activities, as it depends on the context and objective of data usage. For more information, see Specifying the retention period on a processing activity.
• the Risk scale: default risk level associated to the data category (eg. "high" for financial data).
The risk is considered from the data subject point of view. It refers to what might occurs if data is lost, stolen or becomes unavailable.