Personal Data Personal data concerns any piece of information that personally identifies a consumer, either alone, or in combination with other data elements, including names, addresses, ID numbers, health info, racial or ethnic data, political views, sexual orientation, genetic data, and biometric data. Interestingly enough, location, IP address, cookie data, and RFID tags also fall under the umbrella of personal data. Pseudonymous Data Any piece of information that can be tied back to a specific individual is protected under the GDPR. However, if that data doesn’t identify a person, or is anonymous, the regulation does not apply. The grey area here is with pseudonymous data.
Pseudonymous data cannot be attributed to a specific data subject without additional information. It’s not directly identifiable nor is it anonymous. For example, encrypted data, or data that has been “de-identified” (if the custodian retains the means to relate it, or decrypt it, may actually be pseudonymous. Pseudonymous data isn’t exempt from the GDPR, but marketing departments that adopt the pseudonymization process will be better positioned for compliance. Right to Erasure How many times have you found incorrect or old