Personal Data

From Open Risk Manual

Definition

Personal Data denotes any Dataset that pertains to a particular Natural Person. It means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person [1], [2].

The scope of personal data is very wide, covering in principle all human activity. An informal definition consists of any data directly or indirectly associated or related to an individual. This definition overlaps with the ISO/IEC definition of Personally Identifiable Information (PII).

Examples

The name and the social security number are two examples of personal data which relate directly to a person. But the definition extends further and encompasses, for instance, e-mail addresses and the office phone number of an employee. Other examples of personal data can be found in information on physical disabilities, in medical records and in an employee's evaluation.

Personal data which is processed in relation to the work of the data subject remains personal/individual in the sense that it continues to be protected by the relevant data protection legislation, which strives to protect the privacy and integrity of natural persons. As a consequence, data protection legislation does not address the situation of legal persons (apart from the exceptional cases where information on a legal person also relates to a physical person).

References

  1. Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data
  2. Article 3 (1) of Regulation (EU) 2018/1725