GDPR: Don't Touch my Data

So, GDPR is to protect the personal data of EU citizens. But what actually is personal data? This can be pretty vague and depends on the context.

Picture of the autor Rutger Buijzen

Rutger Buijzen

Chief Technology Officer

Personal data what? 

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Pretty clear right? So basically, it's all the data that can identify a person directly or indirectly.

Difference between direct and indirect personal information


Examples of directly identifiable personal information are:

  • Name
  • Email address
  • Social security number


But there are a lot of ways to be able to identify you indirectly when you gather enough data or combine data.

Some examples of these kinds of data are:

  • Age
  • Gender
  • Race
  • Address
  • Phone number
  • IP Address
  • Cookies (this depends on the data in the cookie)
  • Photograph

There isn't a definite list of data which is considered personal data so you need to think: can I identify someone with all the data I have about someone? For the tech savvy among us, you can agree there are a lot of possibilities to do this.

Special personal information: handle with care

There are a few types of personal information which are regarded as ‘special’ under GDPR, and should be handled with extra care, or need additional legal basis to process them.

  • Race (this can be based on a photograph)
  • Ethnic origin
  • Politics
  • Religion
  • Trade union membership
  • Genetics
  • Biometrics (where used for ID purposes)
  • Health
  • Sex life; or sexual orientation

So when creating a new form, designing a landing page, or starting to use a new tool, think about what you're doing, and what kind of data you are working with that could be considered personal data. If you think it is, follow the GDPR!

More GDPR worries?

This was our final blog about the GDPR. Too sad, right? Hopefully, the information provided was useful. If you still have questions, please feel free to contact with our GDPR expert via . We want to provide you with all the knowledge you need.


Have a GDPR compliant time!