GDPR Glossary Also known as: PII
Any information relating to an identified or identifiable living person, from a name or email to an IP address or location data.
Personal data is any information that relates to an identified or identifiable natural person (the 'data subject'). A person is identifiable if they can be singled out directly or indirectly — by a name, an ID number, location data, an online identifier, or factors specific to their identity.
It is deliberately broad: names, emails, phone numbers, IP addresses, cookie IDs, photos, and even opinions about a person can all be personal data. If data can be linked back to an individual, the GDPR applies.
In the Regulation
Related terms
Data subjectThe living individual whom the personal data is about — the person the GDPR is designed to protect.Special category dataSensitive data — health, race, religion, sexual orientation, biometrics and more — that gets extra protection under Article 9.PseudonymisationReplacing identifying fields with a pseudonym so data can't be attributed to a person without separately-kept extra information.AnonymisationIrreversibly stripping data of anything that could identify a person — after which the GDPR no longer applies.
Need this applied to your business?
Our data-protection lawyers turn GDPR terms into a working plan.