What is Personal Data in the GDPR?
Last Updated: April 27, 2020
The General Data Protection Regulation (GDPR) is a European Union (EU)-wide regulation that controls how companies and other organizations handle personal data. The GDPR has serious implications for non-compliant website owners serving individuals in the EU.
Article 4(1) of the GDPR defines “personal data” as the following:
“Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;”
This means that personal data now includes online identifiers such as IP addresses, which were not considered unique identifiers under past regulations. Personal data also includes information that could indirectly identify an individual.
Indirect identification is defined in the GDPR as: “Indirect identification means you cannot identify an individual through the information you are processing alone, but you may be able to by using other information you hold or information you can reasonably access from another source.”
Companies that handle the personal data of users in the EU need to take steps to comply with the regulation to avoid hefty fines and penalties imposed by the advisory authority.