GDPR: What is Personally Identifiable Data?

November 16, 2022
Jay Trinckes

GDPR was established by the EU to protect individuals’ data from malicious actors, and from being inappropriately leveraged in marketing, sales, or any other corporate transaction.

GDPR considers personal data a combination of four elements:

- “any information”
- “relating to”
- “an identified or identifiable”
- “natural person”

Let’s break each of those categories down.

Natural Person

The person must be alive in order to be considered a natural person.

Any Information

Includes objective information about an individual. Examples:

- Height
- Weight
- Skin tone
- Hair color
- Eye color
- Physical description
- Foot size
- Fingerprint
- Medical condition
- Medication
- Biometric

This is not limited to a specific format or delivery vehicle. Examples: audio, video, photograph, numerical, or graphical.

Identifiable individuals and identifiers

Combined with the above, the following personal information can be used to directly and/or indirectly identify an individual.

- Name and surname
- Email address
- Phone number
- Home address
- Date of birth
- Race
- Gender
- Political opinions
- Credit card numbers
- Data held by a hospital or doctor
- Photograph where an individual is identifiable
- Identification card number
- A cookie ID
- IP address
- Location data
- Advertising ID from phone

Personal data that relates to an identifiable individual

In this category, data that is used for learning or making a decision about an individual or that relates to an individual is considered personal data. This can also include data that, after processing, could have an impact on the individual. This all comes down to how the data is processed and used.

A predominant example of this is a photographer taking a photo, which includes individuals, license plates, and other identifiers. This scenario does include personal data and wouldn’t be subject to GDPR rules.
However, if that photograph is leveraged by law enforcement or investigative authorities to identify individuals, then it would be considered as processing data about identifiable individuals.