Complianz Privacy Suite

What is personal data

Mathieu


The General Data Protection Regulation (GDPR) states that personal data is all information about an identified or identifiable natural person. If a piece of personal data, whether or not in combination with other data, can identify a person without special effort, then privacy is at stake. Name and address details are an example.

Personal data also includes e-mail addresses, passport photos, fingerprints and IP addresses. It also includes data that gives a rating of a person, for example someone’s IQ.

Whether personal data is involved is partly determined by the context. A person's profession is considered personal data, but on its own it does not make it possible to identify a person. The profession of nuclear physicist in combination with other data can identify a person. If we know that the nuclear physicist lives on Ibiza, we might know who it is about.

What is sensitive personal data?

The GDPR defines some categories of personal data as sensitive personal data. This includes data that, if leaked, could have a serious impact on an individual’s privacy. Examples of sensitive personal data are: religious data, race, medical data, criminal records, Social Security Number, etc. Extra safety guidelines and regulations apply to organizations that process this kind of data.

The GDPR and personal data

The GDPR provides guidelines for processing personal data of citizens of the EEA (European Economic Area). In short, for WordPress websites, the following principles are to be taken into account:

  • Provide a privacy statement, in which you describe how you handle personal data, and for which purposes
  • When disclosing data to third parties or processors, you’ll probably need to sign processing agreements with these parties
  • Define a lawful basis for any form of the processing of personal data
  • When using cookies, the lawful basis for processing in most cases is consent. Therefore most websites will need a cookie banner
  • The consent banner needs to link to a cookie policy, which clearly states the placed cookies, along with information like purpose and persistence
  • When storing information (other than via the use of cookies), we have to provide the possibility to exercise several rights, like the right of access and the right to rectification

While it seems that the big fuss about cookies began with the enforcement of the GDPR, the upcoming ePrivacy Directive gives us more concrete guidelines on how to handle cookies and consent. This is why the Complianz plugin is built according to the latest draft of the ePrivacy Directive.

The CCPA and personal data

The CCPA is, in many ways, a lot like the GDPR and applies to the processing of data of all California residents. We go into more depth on this legislation in our blog about the CCPA. In regard to personal data and WordPress websites, we have to take the following into account:

  • Provide a privacy statement. The requirements for this document differ in some respects from those of the GDPR.
  • There is no need to ask for consent; however, websites need to clearly state the use of cookies, so a cookie banner is also required.
  • Websites must provide the possibility to opt out of the processing of personal data (placed cookies).
