February 14, 2019
We see the question asked time and time again: “what information is considered to be personal data?”. And rightfully so.
Having a clear understanding of information that is (and is not) “personal data” could be the difference between you being able to exploit that information to bring value to your business, and it not being exploited at all.
We’re sure you’ve heard by now: all “personal data” must be processed in accordance with the General Data Protection Regulation (or “GDPR”). In the very least, this means that:
So what counts as “personal data”?
Essentially, “personal data” is any information which identifies, or can be used to identify, a living individual. Obvious examples are:
Less obvious examples may be:
So, as you can see, the definition of what amounts to “personal data” is very broad.
Information will also be considered to be “personal data” if it does not identify an individual in and of itself, but when collected or paired together with other information held by the data controller, can lead to the identification of an individual.
Further, information that is “pseudonymised”, but which can be reverse engineered to re-identify an individual will also be considered to be “personal data”. As such, the information will not be considered to be truly “anonymised” unless an individual’s identity is irreversibly removed, or distorted, from such personal data.
If you’re concerned that you are not GDPR-compliant, please speak to our data protection solicitors to discuss how we can help.
Written by Tom Broster, Solicitor
We’ll start with a no obligation chat where we’ll get to know you and understand your current challenges.
Contact us now