Categories of Personal Data

For example: If this processing includes bank account number, which in its own right is not enough to identify a „Data Subject“, should we include that in the „Categories of Personal Data“ column? What about amounts, dates etc. ?

Answer:

Personal data is defined in EU GDPR article 4 – “ Definitions“ https://advisera.com/gdpr/definitions/ ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physio logical, genetic, mental, economic, cultural or social identity of that natural person. You can easily observe that the definition is very broad.

Coming back to your question you need to put in there also that information which relates to a data subjects and bank account is one of these information. To continue with some examples you can use the following taxonomy:

□ Personal master data (e.g. Name, surname, date of birth,)
□ Communication data (e.g. telephone, e-mail, address)
□ Contract master data (contractual relationship, product or contract interest)
□ Customer history
□ Contractual invoicing and payment data
□ Planning and control data.
□ Academic and professional data (training / qualifications, professional experience).
□ Employment details (work center, job position and department).
□ IP addresses
□ Transaction data (bank accounts, transaction history etc.)

To learn more about personal data under the EU GDPR see this free online training GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//