Information protected under the UK GDPR is known as ‘personal data’. This quick guide article will explain what that is and give you easy-to-understand examples. Whether you are a business processing data or an individual whose data is being used, this article is for you!
Personal Data Explained
Information protected under the UK GDPR only relates to living individuals. It is information that identifies a person and also includes genetic and location data. The Regulation’s lengthy definition of personal data is stated below.
“Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly. In particular by reference to an identifier such as a name, an identification number, location data or an online identifier. [It also relates] to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Examples of Personal Data
To be defined as ‘personal data’ the information must identify the individual from one or more identifiers or from factors specific to them. In most instances it is simple to decide if information is regulated by the UK GDPR. However, there are also factors that can make a person indirectly identifiable, which are not as easy to spot!
Consider the below examples. It is not always easy to tell if information is personal without some context.
What’s In A Name!
A person’s full name and the town they live in may not always be considered personal data. For example, holding data about John Smith in London could refer to many different individuals. However, holding data about Nazir Bolovoski in Crickhowell could easily identify that person. This demonstrates how a name and town may or may not be regulated by the UK GDPR.
Single Identifiers
Not all identifiers mean having lots of information about a person. In some instances, a single number or factor can identify a person without any corroborating data. Unquestionably, if you hold a person’s passport or national insurance number, you are processing personal information. These types of identifiers are unique to each individual.
Are Descriptions Personal?
You may think that certain descriptive facts about a person could not fall under data protection regulation. Think about hair colour or gender. Impossible to identify someone from that without their name, right? What about if you have the address of a person and know they are female? Alternatively, you may know the man in question has red hair but only have his address. These descriptive factors combined with an address make the person identifiable.
What is Special Category Personal Data?
The UK GDPR also regulates the processing of personal data known as ‘special category’ data. This type of information is considered more sensitive than general personal data. Therefore, it is afforded a higher level of care when processing. This is due to the assumption that special category data could be used in a negative or discriminatory way. It is also usually of a sensitive, personal nature to the individual it relates to.
The UK GDPR defines special category data under Article 9 of the Regulation. “Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited”.
This means that processing ‘special categories’ of personal data is prohibited unless one of the conditions under Article 9(2) applies.
- Explicit consent.
- Protecting vital interests.
- Data already made public by the data subject.
When controllers or processors process personal data that is classed as special category, they should complete a data protection impact assessment. This enables the risk and impact associated with processing the personal data to be assessed and mitigated.
GDPR Policies & Templates
Know Your Compliance Limited are a market leader in GDPR Policy Templates, providing templates and compliance manuals to more than 11,000 businesses across the UK. We specialise in data protection policy templates and GDPR Document Toolkits.
You can purchase standalone policies or our bestselling GDPR Toolkit with 98 data protection policies, procedures, templates and checklists. Starting at just £10 for our standalone GDPR policies, you will not find more professional, compliant templates on the market.
Our templates are suitable for all business types and industries and ready for corporate branding. Furthermore, our GDPR policy templates are fully customisable.
