Personal Data Under GDPR
Home » Personal Data Under GDPR
What is Personal Data Under GDPR?
Knowing the scope of personal data is one of the cardinal requirements for compliance with the General Data Protection Regulation. This article defines personal data under GDPR and explains how to handle it properly.
Definition of Personal Data Under GDPR
GDPR defines personal data as:
”Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Key Identifiers According to GDPR
Under GDPR, there are many forms of information that constitute personal data. These include:
- Name: A person’s name, in conjunction with other information that identifies him or her.
- Identification numbers: Information includes Social Security numbers, passport numbers, or any other numbers used as identification.
- Location data: This shall include information like the address or geographical location.
- Online Identifiers: IP addresses and Cookies constitute Online Identifiers.
- Other Factors: Physical, genetic, economic, or social characteristics that are linked to a person’s identity.
Importance of Context
GDPR places significant importance on the context in which data is collected and processed in determining whether data is personal in nature.
Examples of Contextual Data
- Job Title: A job title, such as “developer,” in itself does not identify a person. This becomes personal data when related to a specific company.
- Company Names: A company name alone does not identify any person, but when combined with specific job titles or the other information, it might be identifiable.
This information will mostly be stored together with other identifiers; thus, personal data.
Categories of Personal Data
In compliance of GDPR, an organization must thus follow the following;
- Collect Appropriate information: Be sure to only collect data that is relevant to the purpose intended.
- Keep the data updated: In case of change or after a specific period, the data has to be updated regularly to keep the data accurate.
- Store for as long as necessary: Data may be retained only until it serves the purpose intended to be.
- Protection of Data: Security measures should be applied on the data so that breach of data or unauthorized access could not take place.
Utilizing the services of DPO
When one is in dilemma regarding dealing with personal data in conformity with GDPR, it is advisable to seek the services of a Data Protection Officer. A DPO is a person who,
- Provides advice regarding the measures taken for compliance with provisions related to the protection of personal data.
- Reviews and updates data protection policies
- Conducts a DPIA as to the necessity
- Serves as a point of contact between the business and supervisory authorities
While all these are not a prerequisite in appointing a DPO, it sure does make your compliance a lot more effortless and unchallenging.
How can DPOsphere assist?
DPOsphere is designed to make compliance easier for any organization and to manage this compliance effectively. This means that using the software allows one to outsource processes related to personal data protection and therefore decrease human resource involvement, saving time and cost. DPOsphere offers you advanced tools to enhance your data protection practices and streamline compliance processes.
