What is personal data?
Personal data is any information about an identified or identifiable natural person. This can be anything from name, address and date of birth to biometric data such as fingerprints and facial recognition. Information about a person’s health, religion, sexual orientation or political beliefs is also considered personal information.
Insight into personal data
As an individual, you have the right to gain insight into the personal data that processors have registered about you. This applies to companies, public authorities and organisations. You can ask for insight into your personal information by contacting the company or authority that you believe has registered the information. They must then give you access to the information and tell you where it comes from, what it is used for and who has access to it.
Personal information and GDPR
GDPR (General Data Protection Regulation) is a regulation from the EU that entered into force on 25 May 2018. The regulation aims to protect the personal information of EU citizens and strengthen their rights in relation to their personal data. Compliance applies to all companies and organisations that collect, process or store personal data from EU citizens, regardless of where they are in the world.
When can you have your personal data deleted?
You have the right to have your personal information deleted if it is no longer necessary for the purpose for which it was collected. In addition, you also have the right to have your personal information deleted if the processing of the information is illegal or in breach of the General Data Protection Regulation (GDPR).
Protection of personal data
Many countries have legislation that protects personal information. In the EU, for example, there is the General Data Protection Regulation (GDPR), which regulates the processing of personal information within the EU. The GDPR stipulates, among other things, that personal data must be processed in a fair and transparent manner and that it must only be used for specific purposes to which the registered person has given consent. The GDPR also requires personal information to be protected against unauthorised access, accidental or unlawful destruction, loss or alteration.
Other countries have their own privacy laws. In the United States, for example, there is the California Consumer Privacy Act (CCPA), which went into effect in 2020. The CCPA gives California citizens the right to know what personal information companies collect about them and to demand that their information be deleted. The CCPA also requires businesses to protect personal information from unauthorised access, accidental or unlawful destruction, loss or alteration.
Start your GDPR cleanup where it is needed the most
Sensitive data can tends to accumulate in the employees' e-mails. With a GDPR Risk Scan from DataMapper, you get a report that shows any potential GDPR risks in the company's e-mails.
What is not personal data?
Not all information that can be linked to an individual is personal information. To be personal information, the information must be able to identify a person directly or indirectly. Some examples of information that is not normally considered personal data are:
- Information about a company that does not contain name, address, telephone number or other personal information.
- Anonymous information that cannot be linked to a specific person, e.g. statistical information about the number of visitors to a website.
- Aggregate information that is compiled from many different sources and cannot identify individuals.
- Publicly available information, e.g. information in telephone books or on the companies’ websites.
Categories of personal data
In relation to privacy regulations, personal data is divided into the following categories depending on the type of information:
1. Race and ethnic origin: A person’s affiliation with the African diaspora or Scandinavian origin.
2. Political belief: A person’s affiliation with a particular political party or ideology, e.g. membership of a political party.
3. Religious or philosophical beliefs: A person’s beliefs, such as Christianity, Islam, Humanism or Atheism.
4. Trade union affiliation: A person’s membership of a trade union or participation in trade union activities.
5. Genetic data: Information about a person’s genetic makeup, e.g. information about hereditary diseases or genetic relatedness.
6. Biometric data: Fingerprint, facial recognition or iris print used for unique identification.
7. Health information: Information about a person’s state of health, including medical history, medication and health examinations.
8. Sexual information: Information about a person’s sexual preferences or identity, including homosexuality or heterosexuality.
It is important to note that the categories of personal information may vary depending on the laws of the country or territory concerned. For example, some countries may have special protection rules for personal data related to ethnic and cultural information.
Personal information on the web
With the increasing use of the internet and social media, it has become even more important to protect an individual’s data online. When using the Internet and social media, you may be asked to share personal information, e.g. name, address, date of birth, telephone number and e-mail address. This information may be used by companies and organisations to target their marketing or to collect information about you.
When sharing personal information online, it is important to be aware that the information may be seen by many people. It is also important to ensure that websites and social media that you use protect your personal information using security measures such as SSL encryption and two-factor authentication.
Get our Newsletter!
In our newsletter you get tips and tricks for dealing with privacy management from our founder Sebastian Allerelli.
When you sign up for our newsletter you get a license for one user to ShareSimple, which will give you a secure email in Outlook. This special offer is for new customers only, with a limit of one freebie per company.
Is personal data sensitive?
Some personal data is considered sensitive. Sensitive personal data includes information about race, ethnic origin, political beliefs, religion, trade union membership, health conditions and sexual preferences. This information is often protected by laws that limit how it can be used and shared.
It is important to protect sensitive personal information as it can be used to discriminate against individuals. Companies and organisations are required to protect this information and ensure that it is only used for the purposes for which it was collected.
Remember this when you process personal information
Personal data is information that identifies an individual. This information can be used to target marketing, conduct background checks and more. It is important to protect personal information and only share it with trusted sources. By protecting personal data, we can ensure that it is only used for the purposes for which it was collected and avoid that it is misused or discriminates against individuals. If you need help processing personal information properly, read more about our tools here:
DataMapper – Find your sensitive data
ShareSimple – Send and receive data securely in Outlook
RequestManager – Process data subject requests easily
Sebastian Allerelli
Founder & COO at Safe Online
Governance, Risk & Compliance Specialist
Follow me on LinkedIn to get tips on GDPR →