What is personal data?

Personal data’ refers to any information related to an identified or identifiable natural person.  

A natural person means personal data is from or related to a living person. This information can be objective or subjective. This information can differentiate one individual from another and says something about them.  

In general, if you are using data collected about people, it is always best to assume it is personal data.  

 

Personal data can be objective or subjective:

Objective personal data

This information is factual and can be verified. It does not involve opinions, feelings, or personal judgments.

Example:

These are factual pieces of information that can be confirmed through school records.

 

Subjective personal data

This refers to opinions, feelings, or personal perspectives. It is based on how someone feels or thinks, not on measurable facts.

Example:

These reflect personal opinions, preferences, or beliefs that may vary from person to person.

 

 

Personal data is broad term and covers more data types than what we might initially think. Not only does it include information which can be directly linked to an individual but it also encompasses information which can be used as a puzzle piece to re-identify someone.

 

Directly and indirectly identifiable data

Directly identifiable personal data includes information such as name, address or photographs/video recordings of faces, for which little to no effort and no additional information are required to determine to whom the data belong. These types of data are what we most commonly relate to as personal data. However, it is important to be aware that personal data can also be indirectly identifiable.

Indirectly identifiable data require more effort as well as additional information to determine whom the data belongs to. Indirectly identifiable personal data include genetic information, data that are unique to an individual, datasets with extreme or unusual values (e.g., extreme physical measurements unique to elite athletes, highly unique employment history) or any other characteristics about a person (e.g., ethnicity, gender, occupation and/or education) that, when combined into one record, can single out that person as unique in your dataset. Indirectly identifiable data may not immediately identify an individual, but they do provide the potential for identification of that individual

When collecting any data from participants, it is best practice to minimize the amount of personal data collected. You should think critically about why you need specific information from your participants and always strive to minimize the personal data you collect.