What Counts as ‘Personal Data’ Under the GDPR?
The GDPR concerns how personal data is handled in the European Union (EU). However, there's circumstances where it also applies to Australian businesses.
The General Data Protection Regulation (GDPR) is a European law on data protection and privacy for citizens of the European Union. It predominantly addresses personal data. However, many people don’t understand what this means under the GDPR. We break it down below, to ensure that you accurately understand what it contains.
Definition of personal data
A section of the GDPR defines what personal data entails. It includes any information that is related to an identified or identifiable person. If a person can be recognised through any identifier it may be considered personal. This includes:
- Location data.
- Identification number.
- Online identifier.
In short, if an individual can be identified through any kind of data, it falls within the definition.
How deep does this extend?
The definition includes ‘any information’. Thus, the definition needs to be interpreted broadly. Numerous cases have proven this, considering less explicit information such as recordings of employee’s shift times, break times and IP addresses. It even includes written information on a test.
Personal data doesn’t need to be objective. Subjective information such as opinions, judgements or even personal estimates may constitute personal data.
Does it only extend to people?
Part of the definition includes ‘identified or identifiable persons’. It must be a natural person. Therefore, these laws do not protect information about businesses, corporations or institutions. However, natural people have capacity under the definition from the moment they are born, to the moment they die.
When is data not personal?
Data that has been made anonymous to the extent that an individual is not identifiable is when it ceases to be personal data. There must be no link between the data, and the person it belongs to. If there is even a hint that it belongs to the person, then it may be classed as personal.
Kyle worked in the content team as a legal intern for Lawpath. He is undertaking a Bachelor of Laws with a Bachelor of Psychology (Honours) at Macquarie University.