-
Personal data are any data relating to identifiable natural person
-
Consider all means reasonably likely to be used for identification
(e.g. speed camera is likely to identify car owner by license plates)
-
Perspective matters: data are identifiable to those who have access
-
Once a person is identifiable, all other data relating to him or her becomes personal data
If you want to protect personal data, you definitely need to understand, what personal data are. And this is not always obvious, even to lawyers. That is why under GDPR, personal data means any information relating to natural person you can identify. So personal data can be virtually anything that can be said, shown, listened to or examined about you or any other natural person.
To trigger GDPR applicability, such information should be identifiable, meaning that within a given context, it is possible to attribute them to a specific person. For instance, if you see a name ‘Joe Bloggs’, you do not know who exactly are we talking about.
To assess if information is identifiable, take into account all the means reasonably likely to be used to identify the natural person. Consider costs and amount of time for such identification, as well as available technology. For instance, unless there was an accident, it is not reasonably likely that you identify drivers around you by their license plates.
Once you are able to identify a specific person, all data that relates to him or her should be treated as personal data. Data protection law does not apply to purely personal or household activity, but this part of life is protected by other privacy law norms. In all other cases, always double-check or even ask expert before concluding that GDPR or other data protection laws are not applicable.
Next: GDPR staff training 5/17 – what is personal data processing?
Table of contents:
GDPR staff training 1/17 – preview
GDPR staff training 2/17 – how do you approach data protection right now?
GDPR staff training 3/17 – why protect data at all?
GDPR staff training 4/17 – what are personal data?
GDPR staff training 5/17 – what is personal data processing?
GDPR staff training 6/17 – who processes personal data?
GDPR staff training 7/17 – how personal data should be processed?
GDPR staff training 8/17 – what are your roles & responsibilities?
GDPR staff training 9/17 – why the need to know principle is so important?
GDPR staff training 10/17 – what difference can you make?
GDPR staff training 11/17 – how do you approach data protection right now?
GDPR staff training 12/17 – why provide information on data processing?
GDPR staff training 13/17 – what is the sense of consents to data processing?
GDPR staff training 14/17 – what to include in and how to apply contracts?
GDPR staff training 15/17 – what to include in & how to apply contracts?
GDPR staff training 16/17 – how to handle data subject requests?
GDPR staff training 17/17 – wrap-up
Self-implement GDPR in 16 steps:
Complete data protection system – A-Z course & templates
