Blog Compliance GDPR: What is Personally Identifiable Data? November 16, 2022 Jay Trinckes Compliance GDPR was established by the EU to protect individuals’ data from malicious actors–and from being inappropriately leveraged in marketing, sales, or any other corporate transaction. GDPR considers personal data a combination of four elements: “any information”“relating to”“an identified or identifiable”“natural person” Let’s break each of those categories down. Natural Person The person must be alive in order to be considered a natural person. Any Information Includes objective information about an individual. Examples: HeightWeightSkin toneHair color Eye colorPhysical descriptionFoot sizeFingerprint Medical conditionMedicationBiometric This is not limited to a specific format or delivery vehicle. Examples: Audio, Video, Photograph, Numerical, or Graphical Identifiable individuals and identifiers Combined with the above, the following personal information or personal information can be used to directly and/or indirectly identify an individual. Name and surnameEmail addressPhone numberHome addressDate of birthRaceGenderPolitical opinionsCredit card numbersData held by a hospital or doctorPhotograph where an individual is identifiableIdentification card numberA cookie IDIP addressLocation DataAdvertising id from phone Personal data that relates to an identifiable individual In this category, data that is used for learning or making a decision about an individual or that relates to an individual is considered personal data. This can also include data that, after processing, could have an impact on the individual. This all comes down to how the data is processed and used. A predominant example of this is a photographer taking a photo, which includes individuals, license plates, and other identifiers. This scenario does include personal data and wouldn’t be subject to GDPR rules. However, if that photograph is leveraged by law enforcement or investigative authorities to identify individuals, then it would be considered as processing data about identifiable individuals. Share this post with your network: Facebook Twitter LinkedIn