Now I am not one of the GDPR advisors that uses the formal language. I don’t use the word data, I say personal information as so many people struggle to understand what data really means. I spend quite a lot of time talking with other data protection professionals and I always find it daunting when they start talking article this, data that. Not because I don’t know what they are talking about but it feels elitist to me and alienating from the group of people I am trying to support. I’ve gone off on a bit of rant when we are supposed to be talking data (or as I prefer personal information).
What is classified as personal information?
Personal information is anything about an individual or which you can use to identify an individual. This includes such things as email addresses, IP addresses, postal address, name, etc. Most organisations collect a whole range of personal information to facilitate the services or sale of products and also to market those services or products.
The biggest challenge most organisations face is defining the personal data they collect, how they collect it and how it is shared within the organisation.
Your first steps to comply with the GDPR is understanding what personal information you are holding and the reason you are holding it.