Personal data, also called personally identifiable information, is a term from data protection law. In the European context, the term is defined in Art. 4 of the GDPR. According to the GDPR, personal data is any information from which a living person can be identified. This also includes pieces of partial information that, taken together, can contribute to the identification of a specific person, regardless of where and for what purpose the data was collected and in what form it is presented.
Examples of personal data are the surname and first name, the address, the e-mail address, ID card numbers, location data, the IP address and health data held by a doctor or hospital. A commercial register number or a company email address is typically regarded as non-personal data.
Only when information has been irreversibly anonymised can it no longer be described as personal data. This means that information which is merely encrypted or pseudonymised is still considered personal data if it can be used to re-identify a person. The difference between pseudonymised and properly anonymised data is subtle, however, and depends on contextual factors. Sometimes information that seems impersonal can still be used to retrieve personal information by linking it to other data sets.
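The linking risk described above can be checked before a data set is released. The following is an added example, not part of the original page: it counts how many records are unique on a combination of seemingly impersonal attributes, a measure commonly called k-anonymity, which goes beyond what the page itself names. The records, column names and generalisation rule are constructed assumptions.

```python
from collections import Counter

# Constructed sample: names removed and the patient id replaced by a pseudonym.
# All column names and values are assumptions made for this illustration.
RECORDS = [
    {"pid": "p-01", "postcode": "1011", "birth_year": 1984, "sex": "F", "diagnosis": "asthma"},
    {"pid": "p-02", "postcode": "1011", "birth_year": 1984, "sex": "F", "diagnosis": "diabetes"},
    {"pid": "p-03", "postcode": "1012", "birth_year": 1986, "sex": "F", "diagnosis": "migraine"},
    {"pid": "p-04", "postcode": "1015", "birth_year": 1951, "sex": "M", "diagnosis": "hypertension"},
    {"pid": "p-05", "postcode": "1017", "birth_year": 1958, "sex": "M", "diagnosis": "asthma"},
    {"pid": "p-06", "postcode": "1018", "birth_year": 1983, "sex": "F", "diagnosis": "eczema"},
]

# Attributes that look impersonal on their own but may appear in other data sets.
QUASI_IDENTIFIERS = ("postcode", "birth_year", "sex")


def equivalence_classes(records, columns):
    """Count how many records share each combination of values in `columns`."""
    return Counter(tuple(r[c] for c in columns) for r in records)


def smallest_class(records, columns):
    """Size of the smallest group of indistinguishable records (0 if empty)."""
    classes = equivalence_classes(records, columns)
    return min(classes.values()) if classes else 0


def singled_out(records, columns):
    """Records that are unique on `columns` and so exposed to linking."""
    classes = equivalence_classes(records, columns)
    return [r for r in records if classes[tuple(r[c] for c in columns)] == 1]


def generalise(record):
    """Coarsen quasi-identifiers: two-digit postcode prefix and birth decade."""
    out = dict(record)
    out["postcode"] = record["postcode"][:2] + "**"
    out["birth_year"] = record["birth_year"] // 10 * 10
    return out


if __name__ == "__main__":
    coarse = [generalise(r) for r in RECORDS]
    print("pseudonymised: smallest group =", smallest_class(RECORDS, QUASI_IDENTIFIERS))
    print("unique records:", [r["pid"] for r in singled_out(RECORDS, QUASI_IDENTIFIERS)])
    print("generalised:   smallest group =", smallest_class(coarse, QUASI_IDENTIFIERS))
```

A larger smallest group lowers the linking risk but does not by itself make the data anonymous; as stated above, that depends on contextual factors such as which other data sets exist.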