‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Pretty clear right? So basically, it's all the data which can identify a person directly or indirectly.
Examples of directly identifiable personal information are:
- Email address
- Social security number
But there are a lot of ways to be able to identify you indirectly when you gather enough data or combine data.
Some examples of these kinds of data are:
- Phone number
- IP Address
- Cookies (this depends on the data in the cookie)
There isn't a definite list of data which is considered personal data so you need to think: can I identify someone with all the data I have about someone? For the tech savvy among us, you can agree there are a lot of possibilities to do this.
There are a few types of personal information which are regarded as ‘special’ under GDPR, and should be handled with extra care, or need additional legal basis to process them.
- Race (this can be based on a photograph)
- Ethnic origin
- Trade union membership
- Bio metrics (where used for ID purposes)
- Sex life; or sexual orientation
So when creating a new form, designing a landing page, or starting to use a new tool, think about what you're doing, and what kind of data you are working with that could be considered personal data. If you think it is, follow the GDPR!
Do you still have questions?
This was our final blog about the GDPR. Too sad, right? Hopefully, the information provided was useful. If you still have questions, please feel free to contact with our GDPR expert via email@example.com. We want to provide you with all the knowledge you need.
Have a GDPR compliant time!