Personal data is defined as all information that can be used to identify a person. This is an important aspect when dealing with data and complying with GDPR.
Personal data is all information that can be used to identify a person. Identify means that a person can be identified or is identifiable directly from the information in question, or can be indirectly identified from that information in combination with other information.
As an example, personal data can be identifiable information such as name, address, age and education, financial matters such as taxes and debts, photos, fingerprints, family relationships, housing, car, exam, job applications, CV, date and position of employment, work area and work telephone.
Personal data may also include special categories of personal data or criminal information. These are considered to be more sensitive and you may only process them in limited circumstances. The special categories of personal data are explicitly mentioned in Art. 9 of the GDPR. The special categories of data are information regarding:
Only the information mentioned above is considered sensitive personal information.
If personal data is anonymised, so it is no longer possible to identify anyone from it, the data is no longer seen as personal data and is then not subject to the GDPR. Pseudonymised data can help reduce privacy risks by making it more difficult to identify individuals, but pseudonymised data is still considered personal data under the GDPR.
Visit our Complaince School and learn about the different GDPR-related terms, including personal data, data controller and data processor through a series of free video lectures.Watch now
Join our free bi-weekly newsletter focused on news and updates from the legal landscape of data privacy.