What is personal data?

Mathieu

IT Law Specialist

The General Data Protection Regulation (GDPR) states that personal data is all information about an identified or identifiable natural person. If a piece of data, whether or not in combination with other data, can identify a person without special effort, then privacy is at stake. Name and address details are an example.

Personal data also includes e-mail addresses, passport photos, fingerprints and IP addresses. It also includes data that gives a rating of a person, for example someone’s IQ.

Whether personal data is involved is partly determined by the context. A person's profession is considered personal data, but in itself it does not make it possible to identify a person. The profession of nuclear physicist in combination with other data can identify a person. If we know that the nuclear physicist lives on Ibiza, we might know who it is about.

What is sensitive personal data?

The GDPR defines some categories of personal data as sensitive personal data. This includes data that, if leaked, could have a serious impact on an individual’s privacy. Examples of sensitive personal data are: religious data, race, medical data, criminal records, Social Security Number, etc. Extra safety guidelines and regulations apply to organizations that process this kind of data.

The GDPR and personal data

The GDPR provides guidelines for processing personal data of citizens of the EEA (European Economic Area). In short, for WordPress websites, the following principles are to be taken into account:

  • Provide a privacy statement, in which you describe how you handle personal data, and for which purposes
  • When disclosing data to third parties or processors, you’ll probably need to sign processing agreements with these parties
  • Define a lawful basis for any form of processing of personal data
  • When using cookies, the lawful basis for processing in most cases is consent. Therefore most websites will need a cookie banner
  • The consent banner needs to link to a cookie policy, which clearly states the placed cookies, along with information like purpose and persistence
  • When storing information (other than via the use of cookies), we have to provide the possibility to exercise several rights, like the right of access and the right to rectification

While it seems that the big fuss about cookies began with the enforcement of the GDPR, the upcoming ePrivacy Directive gives us more concrete guidelines on how to handle cookies and consent. This is why the Complianz plugin is built according to the latest draft of the ePrivacy Directive.

The CCPA and personal data

The CCPA is, in many ways, a lot like the GDPR and applies to the processing of data of all California residents. We go into more depth on this legislation in our blog about the CCPA. With regard to personal data and WordPress websites, we have to take the following into account:

  • Provide a privacy statement. The requirements for this document differ in some respects from those under the GDPR.
  • There is no need to ask for consent; however, websites need to clearly state the use of cookies. So a cookie banner is also required.
  • Websites must provide the possibility to opt out of the processing of personal data (placed cookies)

© Copyright - Complianz 2019