What data is considered “personal data” by GDPR?

EU General Data Protection Regulation (GDPR) went into effect on May 25, 2018. An EU wide legal framework, GDPR is mandatory for companies working and/or subcontracting in Europe and/or handling EU citizens’ data.

GDPR regulates the storage, use and processing of personal data, with the objective of giving European citizens more control of their personal data. GDPR replaced a 1995 European directive inspired by the French Data Protection Act.

Every company, Europe-based or working with European citizens’ personal data, it is mandatory to understand GDPR, what the EU considers personal data, and the regulatory processing that must be practiced in order to comply.

The EU defines personal data as information relating to a natural person, identified or identifiable (…) directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more specific elements specific to its physical, physiological, genetic, psychic, economic, cultural or social identity.

The definition is rather wide and includes biometrical data, including digital prints, DNA and voice.

As the G29 working group (composed of national authorities for personal-data protection) states : Data comprised of sounds and images deserve (…) recognition as personal data. Companies must be able to prove at any time that these data are managed in a GDPR-compliant way.

Some examples of personal data :

  • First and last name.
  • Phone number
  • Email adress
  • IP adress
  • Medical data
  • Banking data
  • Religious and political data

GDPR compliance is putting commercial customs and habits at stake, and imposes a restructuration of processing and using personal data for companies worldwide.

According to IBM, 90% of the data didn’t even exist 2 years ago.

So, in order to be protected tomorrow, are you GDPR ready today?

Disclaimer: All data and information provided in this blog post are for informational purposes only. Mediartis makes no representation as to the accuracy, completeness, timeliness or validity of the information contained in this document. We recommend that you consult a lawyer for any legal advice regarding the respect of data protection.

Share this article

Share This Post

More posts