• About us
  • Pricing
  • Services
    • Consultancy
    • Training
  • Partners
  • Resources
  • Contact
  • Login
  • Try for FREE
The pros and cons of relying on legitimate interest in GDPR
April 7, 2018
Less than one month until GDPR comes into force
What can I do with one month till GDPR comes into force?
April 30, 2018
April 27, 2018
What is personal data?

What is personal data? I don’t process personal data, GDPR doesn’t apply to me!

Many people say to us “I don’t process personal data, GDPR doesn’t apply to me”. But with personal data covering everything from a name and a business or personal email address to an IP address, we are always compelled to ask “are you sure?”

So what is personal data under GDPR?

The definition of personal data under the General Data Protection Regulation (GDPR) is very broad. It includes anything that:

  1. Allows someone to uniquely identify another person directly, and
  2. Allows someone to uniquely identify another person using other information that’s available.
This definition doesn’t just relate to your customers or clients but to your employees, contractors, suppliers, donors or any other contacts that you deal with in the process of doing business.
What is personal data?

List of personal data

The first part of the GDPR definition of personal data, in its most basic form, can include:

  • A name
  • Photos or video footage of people (including CCTV)
  • A computer and phone IP addresses
  • An individual email address (business or personal)
  • An individual’s phone number

Using other information that’s available

But it’s the second part of the definition of personal data under GDPR that can make things more complicated. For example, you might have a list of employees that only uses their employee number - but this can still be deemed personal data if other people have access to a list of employee numbers.

Context specific personal data

And to make things even more complicated, sometimes exactly what qualifies as personal information can change depending on the context, for example, ‘the business development manager at company X’ might be personal information if Company X only has one business development manager. If there’s more than one, it doesn’t identify an individual, so would not on its own be considered personal data.

Personal data and levels of risk

Personal data must always be protected, but different measures are appropriate to different types of information.

Special category personal data There are certain types of information that you might hold that are deemed ‘special category’. This includes information on health, beliefs, sexuality and biometric data. You might not process this type of information about customers but what about your employees? Do you hold health information about them as part of your health & safety legal obligations?

You won’t be surprised to know that you are required to provide extra safeguards to special category personal data that you process.

So do you process personal data?

Hopefully this blog has persuaded you that you do process personal data in the course of your business, in which case you need to take steps to become GDPR compliant. But don’t worry, help is at hand. Astrid helps small businesses improve their data protection and become GDPR compliant. Developed with SMEs in mind, our secure online platform shows you what you need to do, and gives you the tools and information you need - all broken down into practical, manageable steps. Find out more about our services. And if you still think you don’t process personal data then please drop us a line - we are fascinated to find out how you do business without it!

If you process personal data, it is likely that you should pay a data protection fee to the ICO. Find out more about the ICO data protection fee including who the ICO is, why there is a fee and who is exempt from registering.


Protect your business - become and remain GDPR compliant with Astrid

 
Subscribe today
 
Share
Nicki Chennells
Nicki Chennells

Related posts

February 24, 2022

GDPR and CCTV cameras in vehicles – are you still compliant with data protection laws?

Read more

Leave a Reply Cancel reply

You must be logged in to post a comment.

Astrid Data Protection Ltd.

24 John Clare Close
Brackley
Northamptonshire
NN13 5GG

Useful links

  • Home
  • About us
  • Pricing
  • Services
  • Partners
  • Resources
  • Contact
  • Privacy notice
  • Cookie policy
Company number: 11166227 - ICO registration: ZA310233 - © 2018 Astrid Data Protection Ltd.
Astrid Data Protection Ltd uses cookies on this website. Some are essential, others improve functionality and track your use of the site to help us improve it. You can reject the functionality and tracking cookies using the Reject button. To find out more read our cookie policy. Accept Read More Reject
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT