No doubt you’ve heard of the General Data Protection Regulation (GDPR) act introduced by the European Union by now. Some companies – such as Facebook and Google – have already been accused of breathing the legislation; which protects EU citizens from having their personal data misused. It also gives them more control over their personal data. So, just what IS personal data?
How the GDPR defines personal Data
The GDPR defines personal data as information related to someone that can be used to identify them; directly or indirectly. The reality is that personal data can be just about anything. The main things that are considered to be personal data are:
Your name and picture
Your name is one of the most obvious pieces of personal data there is. Combine it with a photo of you and someone can identify you in seconds. Other people can share your name, which is why it might not be enough, but there’s no denying the combination of both a name and photo.
Your email address is likely connected to your other data. There are websites that can tell you who owns a particular email address. It also allows people to contact you without your consent, something else the GDPR aims to crack down on.
Most people think nothing of giving their home address away to services they use. That is, until they get junk mail and realize that people they don’t know have their address – and that they got it without their consent.
Would you want someone to know your bank details without your permission? Of course you wouldn’t. You might not even realize that your banking details may have been sold.
Medical information is a deeply personal and intimate piece of information. Your health is something that should be kept private and personal. It’s another piece of important personal information you might not realize has been given up without your consent.
Your IP address is connected to your computer. It is something that can be used to identify your location, name, address, and possibly even your internet history. If you ever want to know what your IP address says about you, then just try using an IP lookup service yourself.
Biometric data is things such as your finger print or retina. You might use biometric data to unlock your devices. Obviously your devices will store this information. Given that this information can be used by your device, it’s no surprise it can be used by people.
Racial and ethnic data
This is information about your race or ethnicity. Advertisers are known to target specific races and people from specific countries, and this information allows them to do that.
Political opinions aren’t just something that can be used to identify you; they can be used to attack you and even discredit you. If you’re the kind of person that wants to keep your political opinions to yourself, you probably wouldn’t want strangers on the internet knowing them.
Your sexual orientation is something else you may wish to keep private.
To put it simply, personal information really could be anything. If it’s something about you, anything at all, then it’s personal information and the GDPR is there to protect it.