Personal data

Personal data is defined as all information that can be used to identify a person. This is an important aspect when dealing with data and complying with GDPR.

What is personal data?

Personal data is all information that can be used to identify a person. Identify means that a person can be identified or is identifiable directly from the information in question, or can be indirectly identified from that information in combination with other information.

As an example, personal data can be identifiable information such as name, address, age and education, financial matters such as taxes and debts, photos, fingerprints, family relationships, housing, car, exam, job applications, CV, date and position of employment, work area and work telephone.

Special categories of personal data (sensitive personal data)

Personal data may also include special categories of personal data or criminal information. These are considered to be more sensitive and you may only process them in limited circumstances. The special categories of personal data are explicitly mentioned in Art. 9 of the GDPR. The special categories of data are information regarding:

  • Race and ethnic origin
  • Political beliefs
  • Religious or philosophical beliefs
  • Trade union affiliation
  • Genetic data
  • Biometric data for unique identification
  • Health information
  • Sexual relationships or sexual orientation

Only the information mentioned above is considered sensitive personal information.

If personal data is anonymised, so it is no longer possible to identify anyone from it, the data is no longer seen as personal data and is then not subject to the GDPR. Pseudonymised data can help reduce privacy risks by making it more difficult to identify individuals, but pseudonymised data is still considered personal data under the GDPR.

Learn more about Privacy Hub →