The General Data Protection Regulation (GDPR) has been introduced in the EU with the aim of improving the protection of personal data. Understanding whether an organisation is processing personal data is key to determining whether the GDPR applies.
Article 4(1) GDPR defines personal data as ‘any information relating to an identified or identifiable natural person (‘data subject’) … by reference to an identifier’.
Key points to be aware of:
The GDPR provides some examples:
This list is non-exhaustive, so other pieces of data could be considered personal, including job title, religious beliefs, or even hair colour!
In order to process this data, a company must have a lawful basis under Article 6 of the GDPR.
Special category data is data that is deemed to be of a more sensitive nature (i.e. the data you really don’t want others to know about you) and therefore requires increased protection, as it could create more significant risks to an individual’s rights and freedoms.
Examples: race or ethnic origin, religious or philosophical beliefs, health, genetic or biometric data etc.
With special category data, as well as requiring a lawful basis for processing under Article 6, one of the conditions under Article 9 must be satisfied.
Anonymisation of data ensures individuals can’t be identified from it directly or indirectly, so it is no longer classed as personal data and not subject to the GDPR – making sharing data easier. Removing direct identifiers from a dataset, reducing the precision of variables and generalising findings are just a few ways of anonymising data.
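The techniques named above, as an added example that is not part of the original page: it removes direct identifiers from constructed records, reduces the precision of age and postcode, and counts the rows that can still be singled out from the remaining attributes. The field names, the split into direct and indirect identifiers, and the sample data are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample records (not real people).
RECORDS = [
    {"name": "A. Example", "email": "a@example.org", "age": 34, "postcode": "LS1 4AB", "job_title": "Nurse", "condition": "asthma"},
    {"name": "B. Example", "email": "b@example.org", "age": 36, "postcode": "LS1 7CD", "job_title": "Nurse", "condition": "diabetes"},
    {"name": "C. Example", "email": "c@example.org", "age": 31, "postcode": "LS1 2EF", "job_title": "Nurse", "condition": "asthma"},
    {"name": "D. Example", "email": "d@example.org", "age": 52, "postcode": "LS6 1GH", "job_title": "Teacher", "condition": "migraine"},
    {"name": "E. Example", "email": "e@example.org", "age": 58, "postcode": "LS6 3JK", "job_title": "Teacher", "condition": "asthma"},
    {"name": "F. Example", "email": "f@example.org", "age": 47, "postcode": "LS6 9LM", "job_title": "Surgeon", "condition": "diabetes"},
]

# Assumed classification for this sample dataset.
DIRECT_IDENTIFIERS = {"name", "email"}
INDIRECT_IDENTIFIERS = ("age", "postcode", "job_title")


def drop_direct_identifiers(rows):
    """Remove fields that identify a person on their own."""
    return [{k: v for k, v in r.items() if k not in DIRECT_IDENTIFIERS} for r in rows]


def reduce_precision(rows):
    """Replace exact age with a 10-year band and keep only the outward postcode."""
    out = []
    for r in rows:
        g = dict(r)
        low = (r["age"] // 10) * 10
        g["age"] = f"{low}-{low + 9}"
        g["postcode"] = r["postcode"].split()[0]
        out.append(g)
    return out


def singled_out(rows, keys=INDIRECT_IDENTIFIERS):
    """Count rows whose combination of indirect identifiers is unique."""
    groups = Counter(tuple(r[k] for k in keys) for r in rows)
    return sum(1 for r in rows if groups[tuple(r[k] for k in keys)] == 1)


if __name__ == "__main__":
    stripped = drop_direct_identifiers(RECORDS)
    print("unique after removing direct identifiers:", singled_out(stripped))
    print("unique after reducing precision:", singled_out(reduce_precision(stripped)))
```

On this sample, removing names and e-mail addresses alone leaves every row unique, and reducing precision still leaves one row (the only surgeon) that can be singled out, which is the indirect identification the paragraph refers to.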