Is there a document available online which lists everything that is considered GDPR personal data?

In the General Data Protection Regulation, the personal data definition is formulated very generally. Below, we list some examples. However, given the breadth of the regulation, it is not easy to list all the types of data that are considered personal.

The GDPR regulation applies to any kind of data concerning a determinate or determinable individual.  Below we listed some examples we see at our customers but there are more;


  1. Personal employee data (name, address, date of birth, etc.)
  2. Information about customers, patients, clients (marketing databases, medical records, contact lists, any contact information)
  3. Data transferred to third parties (accounting books, credit registers, direct marketing)
  4. Non-public personal data of business partners and providers
  5. IP (Internet Protocol) addresses
  6. Cookie identifiers, or others such as Radio Frequency Identification (RFID) tags
  7. Camera records
  8. Iris scan
  9. User ID and passwords - access registration
  10. Smart meter data
  11. Biometric data
  12. Health data
  13. Membership of a labor organization