Personal data

From The Jolly Contrarian
Revision as of 16:45, 18 June 2024 by Amwelladmin (talk | contribs) (Created page with "{{a|gdpr|}}Personal data is defined in UK GDPR as {{quote| “... any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
General Data Protection Regulation
Index: Click to expand:
Tell me more
Sign up for our newsletter — or just get in touch: for ½ a weekly 🍺 you get to consult JC. Ask about it here.

Personal data is defined in UK GDPR as

“... any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

This we think means that the referent needs to be able to sheet back, in your hands, to a specific individual. So a permanent or at any rate public identification number (a passport, NI or driver’s licence number) would; a car licence plate would not (the registered owner may not be the driver); a randomly generated unique identifier designed specifically to mask an individual’s identity when being processed would not be, as long as the controller did not have any means — even if separately segregated — or decrypting or reverse engineering that individuals’ details.

In that latter case — where you hold encrypted data in one place and a key elsewhere — you have pseudonymised information, and you are still in the cross-hairs for GDPR.


See also