The text of the GDPR defines Personal Data as:
“Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;”
For practical reasons, we are defining two levels of personal data within CWIE. Tier-1 data is considered personal in and of itself. Tier-2 data is considered personal when it is stored in conjunction with (combined, or alongside) tier-1 data.
Tier-1 personal data (i.e. data that can/should be considered to be personal all by itself) includes:
Tier-2 personal data items are probably too numerous to list (since they will grow over time as technology expands its reach) but I’ll drop a few to give an idea of what we’re talking about: