Defining Personal Data
The definition of personal data is changing and covers more than personally identifiable information (PII)
Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.
- Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the law.
- Personal data that has been rendered anonymous in such a way that the individual is not or no longer identifiable is no longer considered personal data. For data to be truly anonymised, the anonymisation must be irreversible.
- The law protects personal data regardless of the technology used for processing that data – it’s technology neutral and applies to both automated and manual processing,
- Unique identifiers such as cookie IDs or advertising IDs are no longer classed as ‘anonymous’ data.
- Best Practice is to treat all online identifiers as personal data.