According to the GDPR, ‘personal data’ is any information about a particular person (so-called data subject) through which a particular person can be identified. Typical examples are name, surname, address, age, gender, and so on. A person - data subject is considered to be identifiable through personal data if this data is specific enough or in such combination that the subject (person) can be identified.
In other words, any information, written or multimedia, that can lead to identification of a concrete person, is considered personal data.
What are the most common pieces of personal information?
- name and surname
- permanent address
- mailing address
- email address
- telephone number
- place of birth
- birth certificate number or state issued ID (e.g. ID card number, Passport number, Driving license number)
- marital status
- health handicap
- photo, video or audio recording
- IP address
A special category of personal data is so-called sensitive personal data
What are the basic principles of personal data processing?
Personal data should be stored and processed by the data controller in accordance with the following basic principles defined by the GDPR:
- correctness (accuracy)
- time limitation (given by the purpose of data storage and processing)