What Counts as ‘Personal Data’ Under the GDPR?

The General Data Protection Regulation (GDPR) is a European law on data protection and privacy for citizens of the European Union. It predominantly addresses personal data. However, many people don’t understand what this means under the GDPR. We break it down below, to ensure that you accurately understand what it contains.

Definition of personal data

A section of the GDPR defines what personal data entails. It includes any information that is related to an identified or identifiable person. If a person can be recognised through any identifier it may be considered personal. This includes:

  • Name.
  • Location data.
  • Identification number.
  • Online identifier.

In short, if an individual can be identified through any kind of data, it falls within the definition.

How deep does this extend?

The definition includes ‘any information’. Thus, the definition needs to be interpreted broadly. Numerous cases have proven this, considering less explicit information such as recordings of employee’s shift times, break times and IP addresses. It even includes written information on a test.

Personal data doesn’t need to be objective. Subjective information such as opinions, judgements or even personal estimates may constitute personal data.

Does it only extend to people?

Part of the definition includes ‘identified or identifiable persons’. It must be a natural person. Therefore, these laws do not protect information about businesses, corporations or institutions. However, natural people have capacity under the definition from the moment they are born, to the moment they die.

When is data not personal?

Data that has been made anonymous to the extent that an individual is not identifiable is when it ceases to be personal data. There must be no link between the data, and the person it belongs to. If there is even a hint that it belongs to the person, then it may be classed as personal.

Final thoughts

Before understanding how the law operates, it’s necessary to understand what kind of information the law is built to protect. Personal data is any data that may attributed to a natural person. To ensure you meet these requirements, a GDPR Privacy Policy is specifically created to abide with this framework for your business. For further enquiries on the topic, a privacy lawyer may be able to assist.

Don’t know where to start? Contact us on 1800 529 728 to learn more about customising legal documents and obtaining a fixed-fee quote from Australia’s largest lawyer marketplace.

Most Popular Articles
You may also like
Recent Articles

Get the latest news

By clicking on 'Sign up to our newsletter' you are agreeing to the Lawpath Terms & Conditions

Share:

Register for our free live webinar today!

Navigating the End-of-Year Shutdown: Essential Tips for Your Business

12:00pm AEDT
Tuesday 10th December 2024

By clicking on 'Register for webinar' you are agreeing to the Lawpath Terms & Conditions

You may also like

Payment summaries indicate all the payments you have made to your employees over the recent financial year. This article explains how to use them.
Is your company considering buying back its own shares? Check out our comprehensive guide or share buybacks, including pros, cons, and tax implications.
As end of year approaches, now is the perfect time to review your business and get it ready for a successful year ahead.

Thank you!

Your registration is confirmed. Keep an eye on your inbox for an email with details on how to watch the webinar.