1 minute read
What is Personal Data?
Guidance on different types of data and how they apply within GDPR legislation
Not Personal Data:
Data from which it is not possible to directly or indirectly identify an individual:
Personal Data:
Any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier:
• Address without a name.
• A generic email address such as info@company.com or company@hotmail.com, unless you hold it on a database as being the email address of a specific named contact.
• A receipt with date, time, last 4 digits of credit card but no name or email address
• Corporate accounts with summary payroll data.
• Company name – if it is not the name of an individual it can be identified with.
• Website address – if it cannot be identified with an individual.
• Phone number without a name.
• Job title without a name.
• Name and address.
• Personal email address identifiable with an individual – e.g. john.smith@anydomain.com
• Name with last 4 digits of credit card.
• I.P Address – if it can be associated with an identifiable individual.
• A web cookie – if it can be associated with an identifiable individual.
• Photos or CCTV images of individuals.
• Company name – if it can be identified with an individual.
• Job title with a name.
Special Category Data:
Personal data that could create more significant risks to a person’s fundamental rights and freedoms. For example, by putting them at risk of unlawful discrimination:
• Race / ethnic origin.
• Political affiliation.
• Religion.
• Trade union membership.
• Genetics.
• Biometrics.
• Health.
• Sex life.
• Sexual orientation.
Special Category Data requires additional measures to be taken with regards to documentation and the nature of processing. This is because mismanagement of it could create more significant risks to a person’s fundamental rights and freedoms than with normal personal data.
