Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

Definition of personal data

  Quote
Guest
Guest user Created:   Apr 18, 2018 Last commented:   Apr 18, 2018

Definition of personal data

1. GDPR: Where can I get an itemized list of what personal data can be?
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Andrei Hanganu Apr 18, 2018

2. GDPR Questionnaire: Is there some document to assist us on determining if the question is applicable or not?

Answers:

The definition of personal data provided by EU GDPR article 4 “Definitions” (https://advisera.com/gdpr/definitions/ ) “any information relating to an identified or identifiable natural person” especially the use of the word “any” makes it virtually impossible to have an exhaustive list. This is the reason I have never came across with a 100% complete list of personal information nor I believe that this can be achieved.
So, if you want to have a taxonomy of personal data you should first of all make sure that not exhaustive.

You can use the following as an example :
□ Personal master data (e.g. Name, surname, date of birth,)
□ Communication data (e.g. telephone, e-mail, address)
□ Contract master data (contractual relationship, product or contract interest)
□ Customer history
□ Contractual invoicing and payment data
□ Planning and control data.
□ Academic and professional data (training / qualifications, professional experience).
□ Employment details (work center, job position and department).
□ IP addresses
□ Transaction data;
□ Others...

For sensitive personal data:

☐ Racial or ethnic origin
☐ Political opinions, religious or philosophical beliefs
☐ Trade union membership
☐ Genetic data
☐ Biometric data
☐ Health data
☐ Sex life or sexual orientation
☐ Criminal record

Regarding the assessment is difficult to predict which question are applicable to your particular situation and which are less relevant or not applicable. This is why the questionnaire should be filled in by someone that knows the business in conjunction with someone which is familiar with the privacy field.

Quote
0 0
Guest
ip_lawfirm-canada Apr 18, 2018

Does this mean simply having a name and an email address constitutes personal data? I'm thinking just running an email server might necessitate taking in personal data on a continuous basis. Any feedback on the second part?

Quote
0 0
Guest
ip_lawfirm-canada Apr 18, 2018

I was also asking for an itemized list of personal data if that is possible. It doesn't need to be 100% comprehensive. The purpose is to increase awareness of what personal data is.

Quote
0 0
Expert
Andrei Hanganu Apr 20, 2018

1. I already presented some examples while answering the previous question. I added bellow another itemization that might serve you better for awareness purposes:

Normal personal data

Personal identification data and characteristics (of data subjects, family members)
Name, nickname, data of birth, age, personal identification number (CNP), series/no of national ID/passport, phone number, eyes color, birthmarks etc.
Lifestyle information
Social contacts, public figure, hobbies, recognitions, affiliations
Financial data
Bank account number, financial transactions, salary/bonuses, financial history (Credit Bureau)
Employees data related to
Studies, certifications, trainings, work travels, disciplinary investigations, background checks
Other
Video/audio recordings, cookies, access logs, IP addresses, GPS/geolocation data

Special personal data

Personal data revealing...
Racial/ethnic origin, political opinions, religious/philosophical beliefs, trade union membership
For the purpose of uniquely identifying a natural person
Biometric data
Data concerning...
Health, sex life, sexual orientation
Genetic data
Data relating to...
Criminal convictions, offences, security measures

2. To put it bluntly names and email addressed are personal data.

Quote
0 0
Renzo Luzzatti May 04, 2018

The answer is not simple, just a name and e-mail address is not in itself personally identifiable information. A posteo.de account can be set up in a fairly anonymous manner and if I am careful you can't use it to find me or my other persona. Collecting more information or correlating information to trace back to an individual (like birthdate or bank details) turns the data set into personally identifiable information.
Selling or sharing the data to someone who can use big data to profile individuals would be a problem under GDPR unless you clearly told people that is what you are doing with the data before they grant you access.
Certain privacy nerds have always held information carefully, e.g. if I don't trust you then you get a spam mail address tha is used for no one but you. I have roughly 15 myself and only use 3 for outgoing mail.
#MaytheFourthbewithyou

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 18, 2018

May 04, 2018

Suggested Topics

Guest user Created:   Apr 07, 2018 EU GDPR
Replies: 1
0 0

Creation of the GDPR privacy notice

Guest user Created:   Jan 06, 2020 EU GDPR
Replies: 1
0 0

Personal data definition