GDPR Personal Data

Processing personal data is the primary trigger for most GDPR requirements, so it’s important organizations understand how personal data is defined.

According to Article 4 personal data is:

“any information which are related to an identified or identifiable natural person.”

This definition is quite broad, purposefully so, and examples include:

  • Numbers associated with a person:
    • Telephone
    • Driver’s license
    • Credit card
    • License plate
    • Bank account
    • Social security
    • Physical address
    • IP address
  • Documentation of working hours or work performance
  • Utility records (water, electric, sewage)
  • Biometric data like fingerprints, height, weight, or hair color
  • Location data

Personal data can be direct identifiers, like someone’s name, or indirect identifiers such as physical characteristics. Essentially, personal data is any information that, used independently or in tandem with other data, could identify an individual.

Learn more about how the GDPR defines personal data.