Personal information and GDPR

  • Updated

Under GDPR Article 4(1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Here's a good resource that explains in detail from the European Commission. 

Examples of personal data:

  • a name and surname;
  • a home address;
  • an email address such as name.surname@company.com;
  • an identification card number;
  • location data (for example the location data function on a mobile phone)*;
  • an Internet Protocol (IP) address;
  • a cookie ID* Note that in some cases, there is specific sectoral legislation regulating for instance the use of location data or the use of cookies – the ePrivacy Directive;
  • the advertising identifier of your phone;
  • data held by a hospital or doctor, which could be a symbol that uniquely identifies a person.

Examples of data not considered personal data:

  • a company registration number;
  • an email address such as info@company.com;
  • anonymized data.