Personal data according to DSGVO

Personal data

Definition according to GDPR

According to the GDPR, personal data is all information relating to an identified or identifiable natural person. (Article 4(1) GDPR)

All information that can be assigned to a specific person or makes a person identifiable is personal data. Not only name, address or telephone number have personal reference, but under certain circumstances also already pseudonymised data such as a customer number or the IP address.

  • Name
  • Date of birth
  • Age
  • Marital status
  • Address
  • E-mail address
  • IP addresses
  • Phone number
  • Account details

  • License plate
  • Identity card number
  • Social security number
  • Location data
  • Criminal record
  • Health data
  • Cultural / social characteristics
  • Biometric data (e.g. fingerprint)

It also includes information relating to the specific characteristics of a natural person, such as their physical, physiological, genetic, mental, economic, cultural or social identity, and even requires particularly sensitive handling of such information.

If personal data is encrypted, this is referred to as pseudonymised data. These in turn differ from anonymised data.

Caroline Schwabe
Latest posts by Caroline Schwabe (see all)

This might interest you too:

Data Protection Breaches

All information on information security

What is information security? Tasks of the information security officer and differentiation from data protection.
Anonymised data

Anonymised data

What is anonymous data? Difference pseudonymised data ✔ Relevance for data protection and GDPR.
Data protection DSGVO

Pseudonymised data

Find out what pseudonomised data is according to GDPR and what you have to observe in terms of data protection law.