The EU designed the new General Data Protection Regulation (GDPR) to give people back control of their personal data. Come the 25th of May, 2018, all businesses will need to review how they collect, store and dispose of data.
But how will the GDPR affect how we define personal data?
The GDPR defines personal data as:
“Data from which a living individual can be identified or identifiable (by anyone), whether directly or indirectly, by all means reasonably likely to be used.”
By keeping the same, relatively broad definition, the term ‘personal data’ will now account for a range of personal identifiers, for example:
- Identification number
- Location data
- Online identifiers (IP addresses, mobile device ID numbers)
Additionally, the GDPR will account for developments within technology and in the way organisations collect people’s information, as well as how they store and dispose of it.
The GDPR applies to both automated and manual filing systems where, using specific criteria, someone could find personal data. Even personal data stored under a pseudonym can fall under the GDPR umbrella. However, this will often depend upon how hard or easy the pseudonym makes identifying an individual.
How will the GDPR affect how we define sensitive personal data?
In addition to personal data, the GDPR also refers to categories of sensitive personal data. For instance, these categories include:
- Religious or philosophical beliefs
- Racial or ethnic origin
- Political opinions
This data specifically includes genetic data (for medical purposes), as well as biometric data (fingerprints, facial recognition etc.).
It is essential for all businesses to review how they handle data, and in particular, how they protect it.
You can book Mackman’s bespoke GDPR health check today here, contact us on 01787 388038 or email at email@example.com