Wednesday, December 7, 2016
What is Personal Data? Simple Examples From Everyday Life
Over the last few months we have discussed the new data privacy laws in the European Union (the General Data Protection Regulation, GDPR) on our blog. At one point we became aware that many of us are not really sure what personal data actually is. Which data is sensitive and personal? Which data has to be protected extensively by the companies that process it?
We collected what falls under personal data and summarized it by category in an infographic. Is your hair color, your height, your favorite band or your opinion on Donald Trump personal data? Feel free to jump to the end of the article if you want to look at the infographic first.
Companies, institutions and business people in particular benefit from a clear understanding of personal data. They have to protect it to safeguard the privacy of their customers and partners and to avoid the drastic fines that come with the new EU GDPR. But customers and users should also know which of their data is especially sensitive.
Knowing what falls under personal data is the foundation for protecting this data and enforcing strict privacy.
The European Definition of the GDPR that Affects all Businesses Operating Globally
There is no simple answer to what personal data is, mainly because states define it individually and because legal texts sometimes cause more confusion than clarity. Here we will discuss the new European data privacy law, which will matter for every business handling personal data of European citizens when it becomes effective in 2018. When in doubt, we focus on German interpretations of the definition of personal data, which are very strict.
The new General Data Protection Regulation (GDPR) of the EU defines personal data like this:
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’);
Personal data is everything that relates to an identifiable, natural person. The next sentence in the definition clarifies what makes a person identifiable:
an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; (GDPR, page 33)
The definition lists different aspects of a person's identity. It is a good thing that not only physical factors but also your cultural and social identity are considered. Your hair color, your medical history and your height are just as much nobody’s business as your political opinion and your religion.
All data that is related to any of those aspects of your identity, as described in the GDPR definition, counts as personal data and needs special protection if you are identifiable by it.
Personal Data and Examples
To provide you with an overview, we collected examples of personal data as it is defined in the new European data regulations. You will find our infographic at the end of the text.
How Businesses Can Protect Personal Data and Why they Should Focus on it
Companies have to take extra security measures to protect personal data. One reason is that every individual has the right to keep that data private and secure, and businesses have to protect that right when individuals become their customers, employees, or associates. Another is that a data breach that jeopardizes that right to privacy damages a company's reputation, and there can be painful fines if it turns out that a business handled personal data carelessly.
There are several ways to protect data, for example tokenization, pseudonymisation and complete encryption. With encryption, personal data becomes unrecognizable, so the person becomes unidentifiable. Some even say that encrypted personal data does not fall under personal data anymore.
The new GDPR has strict rules about storing and processing data outside the EU. Since many cloud providers are located in the USA, this can become a problem for secure and legal cloud storage. However, if data is encrypted with state-of-the-art methods, without any possibility that a third party could gain access, storing data in the cloud is all right even after the European GDPR takes effect.
Conclusion: Businesses have to be careful when handling personal data of their employees, customers, or users if they want to avoid fines. State-of-the-art end-to-end encryption allows you to store data wherever you want.
Free Infographic: Examples of Personal Data out of Everyday Life
Are your hair color, shoe size, working hours and sick days, as well as your religion and your opinion on Donald Trump, personal data? Find out in our infographic. Share it with your friends and colleagues, or with anyone else you think could benefit from it.