Exercise 1
According to the GDPR, personal data are:
“(…) any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.“ (EU-GDPR Article 4 No. 1, 2016).
Task:
The definition already lists some examples of personal data. What other types of data fall under the term personal data? Conduct research online and compile a list of the most important data for your personal records.
There are many types of personal data. The following overview lists the most relevant personal information:
- General personal data (name, address, date of birth, place of birth, phone number, email address, occupation, education, marital status, nationality, criminal records, etc.)
- Identifiers (passport and ID card number, tax ID, social security number, health insurance number, student ID, etc.)
- Physical and genetic data (height, body type, eye color, skin and hair color, etc.)
- Online identifiers (IP address, location data, cookies, etc.)
- Banking data (account number, credit card number, bank, account balance, etc.)
- Assets (real estate, vehicles, license plates, registration data, debts, income, etc.)
- Customer data (orders, account information, user profiles, etc.)
- Credentials (certificates, diplomas, degrees, etc.)
Additionally, the GDPR defines further categories of particularly sensitive personal data, including:
- Ethnic origin
- Political opinions and attitudes
- Philosophical beliefs
- Sexual orientation
- Social identity