Call us 9am-5pm Mon to Fri0161 233 4499
News

How Does the GDPR Define Personal Data?

By mjackson
06.04.18

On 25 May, the General Data Protection Regulation (GDPR) will come into effect, which doesn’t leave your organisation much time to educate itself on all the forthcoming changes. The GDPR expands the rights of individuals and their personal data and places greater obligations on businesses that process that data.

You may not realise it, but your organisation most likely handles some kind of personal data, whether it belongs to your customers or your employees. To ensure you remain compliant, understand that personal data includes the following, according to the European Commission:

  • Name and surname
  • Identification card number
  • Home and business identifiable email address
  • Location data (such as a geolocator used by certain apps)
  • Online identifier (such as a username or even their IP address)
  • Medical information

Essentially, if it can be used to identify a person, the data counts as personal data. If you’re in doubt, treat the data as personal data. Also, don’t forget that under the GDPR, individuals have the following rights:

  • The right to be informed: Organisations must be transparent about how they use personal data.
  • The right of access: Individuals have the right to access their personal data.
  • The right to rectification: Individuals have the right to have their personal data rectified (for example, if it’s inaccurate or incomplete).
  • The right to erasure: Individuals have the ‘right to be forgotten’—meaning, they have the right to have their data deleted.
  • The right to restrict processing: Individuals have the right to block or suppress processing of personal data.
  • The right to data portability: Individuals have the right to obtain and reuse their personal data for their own purposes across different services.
  • The right to object: Individuals have the right to object to the processing of their personal data.
  • Rights in relation to automated decision-making and profiling.

For more information on how your organisation can be GDPR compliant, contact CIEEM Insurance Services today.