2LRN4 security awareness platform
NL · EN
← Back to overview

Sensitive Personal Information

Since the introduction of the GDPR, privacy has become part of everyday work. However, many employees are still unsure what qualifies as sensitive personal information and why seemingly harmless data can pose serious risks.

In the e-learning Sensitive Personal Information, employees learn that sensitive data goes far beyond names or national identification numbers. By combining just a few data points — such as gender, date of birth and address — individuals can often be uniquely identified. The course explains how cybercriminals exploit these combinations for identity theft, financial fraud, blackmail or stalking.

Through realistic and story-driven videos, participants see how easily sensitive information can be shared unintentionally. A social media post, an access badge containing too much information or data scattered across multiple departments can together create a complete personal profile.

The course distinguishes between low, medium and high sensitivity data, explaining why some information seems less risky on its own but becomes highly valuable when combined. It also highlights why stolen banking and identity data are sold for high prices on the dark web and the severe consequences this can have for individuals and organisations.

Participants learn how sensitive information can be exposed through lost or stolen laptops, USB drives, paper files, phishing attacks and social engineering. The course emphasises that convenience, oversharing on social media and weak security controls significantly increase these risks.

Finally, the course provides clear guidance on safe handling of sensitive personal information: limiting data collection, securing storage, using strong and unique passwords, enabling multi-factor authentication and regularly cleaning up stored data — both digital and physical.

What will participants learn?

After completing this course, participants will:

  • understand what sensitive personal information is
  • know how data combinations can uniquely identify individuals
  • recognise differences between low, medium and high sensitivity data
  • understand how identity theft and misuse occur
  • know how to store and share sensitive information securely
  • make conscious decisions about what information to share

Who is this course for?

This course is suitable for:

  • all employees working with personal data
  • organisations strengthening GDPR compliance
  • teams aiming to prevent data breaches and identity fraud
  • employees without legal or technical expertise

Why this course is relevant right now

Sensitive personal information is one of the most valuable targets for cybercriminals. This course raises awareness, reduces risk and helps prevent long-term damage caused by privacy incidents.