Personal data: Difference between revisions

From The Jolly Contrarian
Jump to navigation Jump to search
Created page with "{{a|gdpr|}}Personal data is defined in UK GDPR as {{quote| “... any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or..."
 
No edit summary
Line 1: Line 1:
{{a|gdpr|}}Personal data is defined in UK GDPR as
{{a|gdpr|}}Personal data is defined in UK [[General Data Protection Regulation|GDPR]] as


{{quote|
{{quote|
Line 6: Line 6:
This we think means that the referent needs to be able to sheet back, in your hands, to a ''specific'' individual. So a permanent or at any rate public identification number (a passport, NI or driver’s licence number) would; a car licence plate would not (the registered owner may not be the driver); a randomly generated unique identifier designed specifically to mask an individual’s identity when being processed would not be, as long as the controller did not have any means — even if separately segregated — or decrypting or reverse engineering that individuals’ details.  
This we think means that the referent needs to be able to sheet back, in your hands, to a ''specific'' individual. So a permanent or at any rate public identification number (a passport, NI or driver’s licence number) would; a car licence plate would not (the registered owner may not be the driver); a randomly generated unique identifier designed specifically to mask an individual’s identity when being processed would not be, as long as the controller did not have any means — even if separately segregated — or decrypting or reverse engineering that individuals’ details.  


In that latter case — where you hold encrypted data in one place and a key elsewhere — you have [[pseudonymised information]], and you are still in the cross-hairs for GDPR.
In that latter case — where you hold encrypted data in one place and a key elsewhere — you have [[pseudonymised information]], and you are still in the cross-hairs for [[GDPR]].




{{sa}}
{{sa}}
*[[Pseudonymised information]]
*[[Pseudonymised information]]

Revision as of 16:46, 18 June 2024

General Data Protection Regulation
Index: Click to expand:
Tell me more
Sign up for our newsletter — or just get in touch: for ½ a weekly 🍺 you get to consult JC. Ask about it here.

Personal data is defined in UK GDPR as

“... any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

This we think means that the referent needs to be able to sheet back, in your hands, to a specific individual. So a permanent or at any rate public identification number (a passport, NI or driver’s licence number) would; a car licence plate would not (the registered owner may not be the driver); a randomly generated unique identifier designed specifically to mask an individual’s identity when being processed would not be, as long as the controller did not have any means — even if separately segregated — or decrypting or reverse engineering that individuals’ details.

In that latter case — where you hold encrypted data in one place and a key elsewhere — you have pseudonymised information, and you are still in the cross-hairs for GDPR.


See also