Skip to main content

What is personal data?

Personal data is any information about an identified or identifiable natural person. This can be anything from name, address and date of birth to biometric data such as fingerprints and facial recognition. Information about a person’s health, religion, sexual orientation or political beliefs is also considered personal information.



Insight into personal data

As an individual, you have the right to gain insight into the personal data that processors have registered about you. This applies to companies, public authorities and organisations. You can ask for insight into your personal information by contacting the company or authority that you believe has registered the information. They must then give you access to the information and tell you where it comes from, what it is used for and who has access to it.


Personal information and GDPR

GDPR (General Data Protection Regulation) is a regulation from the EU that entered into force on 25 May 2018. The regulation aims to protect the personal information of EU citizens and strengthen their rights in relation to their personal data. The GDPR applies to all companies and organizations that collect, process or store personal data from EU citizens, regardless of where they are in the world. Read more about it here.


When can you have your personal data deleted?

You have the right to have your personal information deleted if it is no longer necessary for the purpose for which it was collected. In addition, you also have the right to have your personal information deleted if the processing of the information is illegal or in breach of the General Data Protection Regulation (GDPR).



Protection of personal data

Many countries have legislation that protects personal information. In the EU, for example, there is the General Data Protection Regulation (GDPR), which regulates the processing of personal information within the EU. The GDPR stipulates, among other things, that personal data must be processed in a fair and transparent manner and that it must only be used for specific purposes to which the registered person has given consent. The GDPR also requires personal information to be protected against unauthorized access, accidental or unlawful destruction, loss or alteration.

Other countries have their own privacy laws. In the United States, for example, there is the California Consumer Privacy Act (CCPA), which went into effect in 2020. The CCPA gives California citizens the right to know what personal information companies collect about them and to demand that their information be deleted. The CCPA also requires businesses to protect personal information from unauthorized access, accidental or unlawful destruction, loss or alteration.

Want to clean up your emails for sensitive information?

With an analysis scan by DataMapper, you can have all Outlook accounts in your company scanned. You will receive key statistics on all (current and former) employees' emails - including information on which emails, employees and processes generate GDPR risk.

What is not personal data?

Not all information that can be linked to an individual is personal information. To be personal information, the information must be able to identify a person directly or indirectly. Some examples of information that is not normally considered personal data are:

  • Information about a company that does not contain name, address, telephone number or other personal information.
  • Anonymous information that cannot be linked to a specific person, e.g. statistical information about the number of visitors to a website.
  • Aggregate information that is compiled from many different sources and cannot identify individuals.
    Publicly available information, e.g. information in telephone books or on the companies’ websites.


Categories of personal data

Personal information can be divided into different categories depending on the type of information. Some common categories of personal information include:

  • Identity information: name, address, e-mail address, telephone number, CPR number, etc.
  • Financial information: credit card information, bank information, payment history, etc.
  • Medical information: health information, prescriptions, medical records, etc.
  • Employment information: employment history, salary information, employment contract, etc.
  • Criminal information: convictions, criminal records, police records, etc.
  • Biometric information: fingerprints, facial recognition, DNA profiles
  • Other categories of personal data may include educational information such as diplomas, information about a person’s gender, race, religion or sexual orientation.

It is important to note that the categories of personal information may vary depending on the laws of the country or territory concerned. For example, some countries may have special protection rules for personal data related to ethnic and cultural information.



Personal information on the web

With the increasing use of the internet and social media, it has become even more important to protect an individual’s data online. When using the Internet and social media, you may be asked to share personal information, e.g. name, address, date of birth, telephone number and e-mail address. This information may be used by companies and organizations to target their marketing or to collect information about you.

When sharing personal information online, it is important to be aware that the information may be seen by many people. It is also important to ensure that websites and social media that you use protect your personal information using security measures such as SSL encryption and two-factor authentication.

Get our Newsletter!

In our newsletter you get tips and tricks for dealing with privacy management from our founder Sebastian Allerelli.

When you sign up for our newsletter you get a license for one user to ShareSimple, which will give you a secure email in Outlook. This special offer is for new customers only, with a limit of one freebie per company.

Is personal data sensitive?

Some personal data is considered sensitive. Sensitive personal data includes information about race, ethnic origin, political beliefs, religion, trade union membership, health conditions and sexual preferences. This information is often protected by laws that limit how it can be used and shared.

It is important to protect sensitive personal information as it can be used to discriminate against individuals. Companies and organizations are required to protect this information and ensure that it is only used for the purposes for which it was collected.



Remember this when you process personal information

Personal data is information that identifies an individual. This information can be used to target marketing, conduct background checks and more. It is important to protect personal information and only share it with trusted sources. By protecting personal data, we can ensure that it is only used for the purposes for which it was collected and avoid that it is misused or discriminates against individuals. If you need help processing personal information properly, read more about our tools here:

DataMapper - find your sensitive data
ShareSimple - send and recieve data securely in Outlook
RequestManager - process data subject requests easily

Sebastian Allerelli

Founder & COO at Safe Online
Governance, Risk & Compliance Specialist
Follow me on LinkedIn to get tips on GDPR →