GDPR Basics: What is Personal Privacy Data?
It has been more than two years since the General Data Protection Regulation (GDPR) went into effect. Personal privacy continues to be a topic of immense importance for people and companies around the world. We are going to cover some basics of privacy in this and future posts.
“Personal Data” is any information relating to an identified or identifiable natural person, or “Data Subject”. An identifiable Data Subject is defined as someone who can be identified, directly or indirectly, by data such as:
- A name
- An identification number
- Location data, including IP address
- Online identifier, including web cookies or tokenization
- Other factors relating to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
Sensitive Personal Data
“Sensitive Personal Data” is of special interest under GDPR, and collecting and processing it invites more scrutiny in a GDPR compliance audit. It includes:
- Details of racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic and biometric information
- Sex life or orientation
- Health records
Suppose you have guest speakers at your events, and while handling invitations you learn that a speaker requires only kosher food to be served. Your event planners take note of that, as does HR. Because a dietary requirement like this can reveal religious beliefs, this constitutes collection and possible processing of Sensitive Personal Data. The owner of any business process that handles personal data, sensitive or not, should contact your DPO or designated authority, as you may need to meet further conditions to safeguard the data before collection and processing.