Article 30.02

The Commission may make regulations or issue directives prescribing —

(a) further categories of personal data that may be classified as sensitive personal data;

(b) further grounds on which such personal data may be processed; and

(c) safeguards that may apply.