The General Data Protection Regulation (GDPR) states that personal data is all information about an identified or identifiable natural person. If a personal data – whether or not in combination with other data – can identify a person without making a special effort, then privacy is at stake. For example, name and address details.
Personal data also includes e-mail addresses, passport photos, fingerprints and, for example, IP addresses. And data that gives a rating about a person, for example, someone’s IQ.
Whether or not a personal data is involved is partly determined by the context. The profession of a person is considered as personal data, but in itself, it does not give the possibility to identify a person. The profession of a nuclear physicist in combination with other data can identify a person. If we know that the nuclear physicist lives on Ibiza, we might know who it is about.
What is special personal data?
In addition to ordinary personal data, there are special personal data. These are data that are so sensitive that their processing can seriously affect a person’s privacy. Such data may therefore only be processed under very strict conditions. Special or sensitive personal data includes, for example, data that says something about a person’s race, religion, health, criminal record or sexual life. Membership of a trade union and the citizen service number are also special personal data.