What is personal data and how do you define it?
In a world where we spend increasing amounts of our time online, we are all divulging more and more personal data - and doing it more frequently too. We are all, as a result, leaving ourselves open to risk by disclosing key information about ourselves. That risk can mean we are subject to identity theft or extortion if that data is then used unlawfully.
As a result, governments in Europe established the GDPR as a piece of legislation that gave European citizens more control over personal information that identified them. It was introduced to amalgamate the different sets of rules that had been established in individual countries, in a bid to streamline and simplify laws surrounding personal data.
But what exactly is personal data? And how do you define it? Here, we look to answer those questions as well as exploring how to handle personal data according to the latest EU GDPR laws. It is imperative to know the GDPR framework inside out if you need to collate any personal data, whether from just a couple of people or a couple of thousand. Without knowing what information to collate or how to collate it, you are far more likely to breach the GDPR. You are then liable to the penalties or fines that can be imposed upon you as a result.
What is personal data and how do you define it?
Personal data is a set of information that helps identify an individual. The pieces of personal data can vary. However, if a selection of data that is used together can identify a person, then all that data is defined as personal data.
There are several types of personal data that can help identify a living person. They can be:
- Names (first and last)
- Biometric data
- IP addresses
- Genetic data
These are only a few, but it goes to show that there are broad overarching categories that personal data can fall into. The result is that companies must be very careful when collating such data. If you are collecting personal data, you need to be aware that what you are collating is personal data in the first place. Secondly, you need to be aware that your actions, subsequent to collecting data, are subject to the law.
How can you handle personal data according to GDPR?
How you handle personal data is almost as important as knowing what data you have on your records. Here, we look at the main ideas behind the GDPR that will ensure that you are able to hold personal data in a lawful manner.
Data must be collated lawfully
It perhaps sounds a bit obvious, but the information you collate must be collated lawfully. Data cannot and should not be stolen. Additionally, data must be used lawfully too. As a very crude example, if you hold a person’s credit card details, you cannot use them to buy illegal products.
Data must be held legally and safely
An individual has the right to have personal data held legally and safely. You need a stringent security practice in place to maintain the sanctity and confidentiality of data held. With more and more data being held electronically, data must be held securely in case of hacking attempts.
Data must be used fairly and collated transparently
You must collate the information in a transparent manner and use it fairly. In practice, this means you cannot claim you are collating information for one purpose, but use it for another.
Data must be held for the purpose it was intended
If you collate information or data for a certain purpose, you must then use that data for the purpose you collated it for. If you use the information to achieve another aim which you did not highlight to individuals, you are breaking the law.
Only necessary information must be held
If you are collecting personal data from individuals, you cannot collate more than you require. This means that you cannot collate information that you feel you may need in future but for which you have no purpose at present.
Data must be accurate
For the data you collate to be trustworthy, you need to ensure that it is accurate. Additionally, to stay within the GDPR framework, you also need to make sure it is correct. This is so that individuals can be sure that information held on them is truthful and not misleading.
Data must be held for a limited period of time
When collating information, you need to remember that you cannot hold onto that information indefinitely. While there is no strict timeline set out by the GDPR, you must endeavour to stay true to the intentions of the framework. Keeping data for longer than you require would undermine a person's control over their own personal data.
Data must be held accountable for any errors
The GDPR’s main aim was to emphasize that the accountability for misuse of personal data lay at the doors of the companies that collated it. If you are collecting personal data, therefore, remember that you need to continually adapt your data collation and retention procedures to ensure they are legal. If errors do occur and you notice key breaches of the GDPR, you need to report them to your country’s regulatory authority.
Why is understanding personal data laws so important?
Protecting a person’s personal data is important to governments and businesses as well as individuals themselves. The GDPR framework, and the amount of work that went into creating it, goes to show just how important personal data is to populations and the citizens within them. Understanding what personal data is, is key to adhering to the laws that surround it. In doing so, you will ensure that you always stay on the right side of the GDPR framework.
However, fully understanding the GDPR goes deeper than that. Fully understanding the framework will mean you also stay true to the spirit in which these laws were founded. Manipulating the laws so you can gain from holding a person’s key data may be legal in some instances, but it is not using the laws as they were intended.