Introduction
Protecting the privacy of individuals has become a crucial issue. The GDPR (General Data Protection Regulation), or the AVG (General Data Protection Regulation), is legislation that came into effect in 2018 and aims to strengthen the privacy rights of European citizens and standardize and improve the way organizations handle personal data.
One of the core aspects of the GDPR is defining what data falls under the regulation’s protection. These data, known as personal data, include a wide range of information that can be used directly or indirectly to identify an individual.
Let’s take a closer look at exactly what data is protected by the GDPR.
What are personal data?
Personal data, as defined by the GDPR, includes any information relating to an identified or identifiable natural person.
This can range from the most obvious, such as names, addresses and identification numbers,
to more subtle data such as location data, IP addresses, genetic information, economic and social information, and even online identifiers such as cookies and usernames.
Sensitive data
In addition to personal data, there is also sensitive data, which is subject to stricter protection measures.
These include information about race or ethnicity, political opinions, religious or philosophical beliefs, union membership, health data, sexual orientation, genetic and biometric data.
The processing of such sensitive data is prohibited in most cases except under strict conditions such as explicit consent of the data subject or legal exceptions.
Anonymization and pseudonymization
To comply with the GDPR while enabling useful data processing, techniques such as anonymization and pseudonymization are often used.
Anonymization means removing or redacting personal data in such a way that the data subjects can no longer be identified.
Pseudonymization is the replacement of direct identifying characteristics with fictitious identifiers, making the link between data and individuals more difficult without completely eliminating the possibility of re-identification.
Processing of personal data
Under the GDPR, the processing of personal data is not limited to only its collection, but also includes all operations that can be performed on such data, such as storing, accessing, using, sharing, erasing and destroying it.
Organizations processing personal data must comply with strict principles such as lawfulness, propriety and transparency, purpose limitation, accuracy, storage limitation, integrity and confidentiality, and accountability.
Conclusion
GDPR has had a significant impact on how organizations worldwide collect, use and protect data. By establishing a broad definition of personal data and strict compliance requirements, the regulation has set a new standard for data protection and privacy.
Understanding what data falls under the GDPR is essential for organizations to comply with the legislation while ensuring the trust and privacy of individuals in this digital age.
Suggest an
external DPO
(Data Protection Officer).
Is your company an SME? (an independent company with fewer than 250 employees) Then go for a
GDPR subscription.
