What is the definition of Personal Data under GDPR?

The General Data Protection Regulation (GDPR), which comes into force on 25 May 2018, is intended to give EU citizens more control over the personal data about them that is held by businesses and organisations. GDPR does not just apply to businesses that are located within the EU; it applies to any business that processes the personal data of EU citizens. This means that the introduction of the GDPR is a global matter, not just a European one.

What is Personal Data?

Businesses gather different pieces of data from individuals all the time. These pieces of data can include a name, date of birth, postal address and email address. Data becomes personal data when it can be used to identify an individual. For instance, a name by itself may not be personal data, especially if it’s a very common name. Link that name with an email address, and an individual can probably be identified. Both items of information are then considered to be personal data.

GDPR governs all personal data that is processed, meaning any data that is gathered, stored or used by a business or organisation. Consent is required to process information, except when there is another legally valid reason for processing.

What is Consent?

The rules surrounding consent have changed somewhat under GDPR. This is why it is important that businesses are aware of the stipulations concerning consent in the new regulation. These include that:

  • Data subjects must be aware of what they are consenting to, and consent must be freely given.
  • A positive action must be taken in order to give consent. This means that using pre-checked tick boxes is no longer sufficient.
  • Consent only applies to the specific reason for processing for which it is requested.

It is important that businesses ensure they have consent for processing all personal data, unless there is a valid legal reason for processing. If businesses do not ensure that this is the case, they could be found to be non-compliant. This could result in the imposition of costly fines and other sanctions.