The General Data Protection Regulation (GDPR) protects personal data within the European Union. It is applicable to all data in both paper and digital documents, that can be used to identify a person. But what is exactly being understood as ‘personal data’? Are IP addresses personal data? And is encrypted data also considered as personal? In this article, we explain what constitutes personal data in the GDPR.
Personal data in the GDPR definition
According to the GDPR definition ‘personal data’ means: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Learn more about the GDPR.
The GDPR applies to all data concerning EU citizens in every business-related context:
- Customer information
- Vendor information
- Website visitor information (IP addresses are considered as persona data)
- Employee information
Other posts you might like
Please contact us to help you with your digital journey
Enter your email address below to have a digest of our featured blog posts sent to you