An individual complained to the DPC that a clothing and food company disclosed their personal medical information by issuing postal correspondence with the words “Coeliac Mailing” printed on the outside of the envelope. As part of the Stores Value Card facility, the individual in question had signed up to receive an ‘Annual Certificate of Expenditure’ of gluten-free products purchased during the year, which could be used for tax purposes. The DPC advised the store that under Article 9 of the GDPR, health data is deemed sensitive data and is afforded additional protection and that displaying the words “Coeliac Mailing” has to be examined in light of Article 9 of the GDPR. In response, the store advised the DPC that it instructed its marketing department to cease using this wording on the outside of envelopes for all future mailings. The DPC welcomes the positive outcome to this engagement.