List of personal data
The first part of the GDPR definition of personal data, in its most basic form, can include:
- A name
- Photos or video footage of people (including CCTV)
- A computer and phone IP addresses
- An individual email address (business or personal)
- An individual’s phone number
Using other information that’s available
But it’s the second part of the definition of personal data under GDPR that can make things more complicated. For example, you might have a list of employees that only uses their employee number - but this can still be deemed personal data if other people have access to a list of employee numbers.
Context specific personal data
And to make things even more complicated, sometimes exactly what qualifies as personal information can change depending on the context, for example, ‘the business development manager at company X’ might be personal information if Company X only has one business development manager. If there’s more than one, it doesn’t identify an individual, so would not on its own be considered personal data.
Personal data and levels of risk
Personal data must always be protected, but different measures are appropriate to different types of information.
Special category personal data
There are certain types of information that you might hold that are deemed ‘special category’. This includes information on health, beliefs, sexuality and biometric data. You might not process this type of information about customers but what about your employees? Do you hold health information about them as part of your health & safety legal obligations?
You won’t be surprised to know that you are required to provide extra safeguards to special category personal data that you process.
So do you process personal data?
Hopefully this blog has persuaded you that you do process personal data in the course of your business, in which case you need to take steps to become GDPR compliant. But don’t worry, help is at hand. Astrid helps small businesses improve their data protection and become GDPR compliant. Developed with SMEs in mind, our secure online platform shows you what you need to do, and gives you the tools and information you need - all broken down into practical, manageable steps. Find out more about
our services.
And if you still think you don’t process personal data then please drop us a line - we are fascinated to find out how you do business without it!
If you process personal data, it is likely that you should pay a data protection fee to the ICO. Find out more about the
ICO data protection fee including who the ICO is, why there is a fee and who is exempt from registering.