
Personal Information and GDPR

What is PII under GDPR?

Under GDPR Article 4(1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

The European Commission explains this in detail: https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en

Examples of personal data

  • a name and surname;
  • a home address;
  • an email address such as name.surname@company.com;
  • an identification card number;
  • location data (for example the location data function on a mobile phone)*;
  • an Internet Protocol (IP) address;
  • a cookie ID*;
  • the advertising identifier of your phone;
  • data held by a hospital or doctor, which could be a symbol that uniquely identifies a person.

* Note that in some cases, there is specific sectoral legislation regulating, for instance, the use of location data or the use of cookies – the ePrivacy Directive.

 

Examples of data not considered personal data

  • a company registration number;
  • an email address such as info@company.com;
  • anonymized data.