WHAT IS PERSONAL DATA?

17 September 2018

Personal data is defined in Article 4 of the General Data Protection Regulation (GDPR) and means data that, alone or in combination, can be used to identify an individual. The following are examples of personal data:

  • Name
  • Home address
  • Driver’s license
  • ID number
  • License plate number
  • Phone numbers
  • Emails
  • Date of Birth
  • Location of Birth
  • Health records
  • DNA
  • Biometric data
  • IP address

There are various other forms of personal data, and they are ever-changing in accordance with the laws and regulations, especially since the introduction of GDPR in May 2018.

Many organisations will collect personal data without realising. However, it is important that a company determines how and why they collect personal data from their clientele, in order to relay these procedures in their privacy policy.

Organisations should scrutinise their website, as well as their policies and procedures in order to construct a compliant privacy policy. Consider the following examples:

  • If an organisation has a sign-up form on their website then they are collecting personal data, regardless of whether the user submits information or not.
  • The use of website cookies is the most obvious form of collecting personal data, as cookies store everything from user history and passwords to payment information.
  • Geotargeting helps website owners understand the user’s exact location and therefore generate more relevant content.
  • Analytics tools such as Google Analytics help organisations understand user needs by generating reports which contain personal data.
  • Many e-commerce or SaaS websites host Point of Sale (POS) systems, which obtain names, phone numbers and email addresses, as well as payment information.
  • A variety of organisations utilise Customer Relationship Management (CRM) software, a tool designed to improve customer relationships and experience, which it achieves by obtaining customers’ personal information.
  • The majority of websites include a customer support feature, which usually requires users to input their names, telephone numbers and email addresses; these are usually stored for future reference.

If your website features any of the above tools or procedures then it is vital that these practices are included in the privacy policy, in order to avoid putting your organisation at risk, which could lead to a large number of fines.

When dealing with data regulations it is important to consider three key areas: the collection, consent, and handling of personal data.

Although the regulations are due to change once the ePrivacy Regulation is implemented, it is important to adhere to the current regulations, especially the General Data Protection Regulation (GDPR), which was introduced in May 2018.

In order for an organisation to maintain compliance with GDPR, it must obtain the explicit and informed consent of each user before any data is obtained. It is also vital to state the types of data that are collected and how they are utilised, which should be clearly explained in the privacy policy.

It is vital that a system is in place to protect the data against unauthorised usage, and to understand that the owners of the personal data have a right to review the information held, as well as the right to be forgotten.

If an organisation fails to adhere to these regulations, specifically GDPR, this could result in fines of up to 4% of the organisation’s annual revenue.

Here at Three Graces Legal we can assist your organisation with Data Privacy and GDPR. 

Please contact us on 0151 659 1070 to see how we may be of assistance.
