GDPR: Don't touch my Data!

Naar blogoverzicht
23 July 2018

So, GDPR is to protect the personal data of EU citizens. But what actually is personal data? This can be pretty vague and depends on the context.

This is the definition of personal data in the GDPR:
 

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Pretty clear right? So basically, it's all the data which can identify a person directly or indirectly.

Examples of directly identifiable personal information are:
 

  • Name

  • Email address

  • Social security number

But there are a lot of ways to be able to identify you indirectly when you gather enough data or combine data.

Some examples of these kind of data are:
 

  • Age

  • Gender

  • Race

  • Address

  • Phone number

  • IP Address

  • Cookies (this depends on the data in the cookie)

  • Photograph

There isn't a definite list of data which is considered personal data so you need to think: can I identify someone with all the data I have about someone?  For the tech savvy among us, you can agree there are a lot of possibilities to do this.

IMPORTANT:

There are a few types of personal information which are regarded as ‘special’ under GDPR, and should be handled with extra care, or need additional legal basis to process them.

  • Race (this can be based on a photograph)

  • Ethnic origin

  • Politics

  • Religion

  • Trade union membership

  • Genetics

  • Biometrics (where used for ID purposes)

  • Health

  • Sex life; or sexual orientation

So when creating a new form, designing a landing page, or starting to use a new tool, think about what you're doing, and what kind of data you are working with that could be considered personal data. If you think it is, follow the GDPR!

do you still have questions?

This was our final blog about the GDPR. Too sad, right? Hopefully, the information provided was useful. If you still have questions, please feel free to contact with our GDPR expert Matthijs via privacy@dotcontrol.nl. We want to provide you with all the knowledge you need.

Have a GDPR compliant time!

Share this post on social media

Van Nelleweg 1, 3044 BC Rotterdam
+31 (0)10 71 44 646 info@dotcontrol.nl