BLOG

What is personal data?

Image

According to the GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

According to the GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Information must ‘relate to’ the identifiable individual to be personal data. This means that it does more than simply identifying them, it must concern the individual in some way. Data can reference an identifiable individual and not be personal data about that individual, as the information does not relate to them.

Examples of personal data:
o a name and surname;
o a home address;
o an email address such as name.surname@company.com;
o an identification card number;
o location data (for example the location data function on a mobile phone)*;
o an Internet Protocol (IP) address;
o a cookie ID*;
o the advertising identifier of your phone;
o data held by a hospital or doctor, which could be a symbol that uniquely identifies a person.

Examples of data not considered personal data:
o a company registration number;
o an email address such as info@company.com;
o anonymised data.

Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the GDPR.

Bibliography