In the General Data Protection Regulation, the personal data definition is formulated very generally. Below, we list some examples. However, given the breadth of the regulation, it is not easy to list all the types of data that are considered personal.
The GDPR regulation applies to any kind of data concerning a determinate or determinable individual. Below we listed some examples we see at our customers but there are more;
- Personal employee data (name, address, date of birth, etc.)
- Information about customers, patients, clients (marketing databases, medical records, contact lists, any contact information)
- Data transferred to third parties (accounting books, credit registers, direct marketing)
- Non-public personal data of business partners and providers
- IP (Internet Protocol) addresses
- Cookie identifiers, or others such as Radio Frequency Identification (RFID) tags
- Camera records
- Iris scan
- User ID and passwords - access registration
- Smart meter data
- Biometric data
- Health data
- Membership of a labor organization
