What is Personal Data (GDRP)?

The text of the GDPR defines Personal Data as:

“Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;”

For practical reasons, we are defining two levels of personal data within CWIE.  Tier-1 data is considered personal in and of itself.  Tier-2 data is considered personal when it is stored in conjunction with (combined, or alongside) tier-1 data.

Tier-1 personal data (i.e. data that can/should be considered to be personal all by itself) includes:

• First and Last Name
• National ID / Passport Number / Driver’s License
• National Insurance Number / Social Security Number / Tax Number
• Personal E-Mail Address
• Landline Number / Mobile Number
• Bank Account Number / Credit Card Number / BIC / SWIFT

Tier-2 personal data items are probably too numerous to list (since they will grow over time as technology expands its reach) but I’ll drop a few to give an idea of what we’re talking about:

• IP Addresses
• MAC Address
• Web Cookies
• Session Data (including Session ID’s)
• RFID Data (i.e. Tags)
• Audit Trail / Logs (that may contain one or more of the above mentioned Tier-2 data within them)
• Location / GPS data
• Personal Address (Includes home address and/or billing address - Address Line 1, Address Line 2, Apartment Number, City/Town Name, Post Code, Country)