It may seem like a simple question with a very simple answer but legally speaking it is not. I am sure you have heard of the General Data Protection Regulation and wondered why it is making so much noise and filling your inbox with so many emails from companies talking about the changes they are making to their Privacy Notice.
So, before anything else, it is important that we understand exactly what Personal Data is and how it affects you.
“any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”
An individual is "identified" or "identifiable" if you can distinguish them from other individuals. From this we can understand that personal data only includes information relating to natural persons who:
• can be identified, or are identifiable, directly from the information in question; or
• can be indirectly identified from that information in combination with other information.
It will be obvious that an individual is directly identifiable, for example if you hold their name and address.
However, data should also be considered personal data when it could potentially identify a person if combined with other types of data. Take a vehicle's registration number, for example: the number alone could be considered anonymous, but the DVLA usually stores the number and links it with other information that allows for the direct identification of the owner of the vehicle. It can therefore be considered personal data.
• Information about a deceased person does not constitute personal data and therefore is not subject to the UK and EU GDPR.
• Personal data processed for personal reasons, like sending wedding invites to home addresses, is not considered "personal data", at least under the scope of the UK and EU GDPR.
• Information about companies or public authorities is not considered personal data.
But remember that emails you exchange while doing business with another company can contain personal data, such as your full name and your contact details. Therefore, even if your business works in B2B (business-to-business), the GDPR and data protection concerns will also be applicable to you and your company.
There will be circumstances where you may not be sure whether a certain data element is considered personal data or not. In this case, it's best to ask your Data Protection Officer, or you can always get in touch with Palqee. Until you know for sure, process that data as if it were personal data by:
a. keeping the data secure,
b. protecting the data from inappropriate disclosure, and,
c. ensuring you are justified in any processing.
In summary, personal data is any information regarding a natural person that identifies an individual, or that could potentially identify an individual when combined with other pieces of information.
Even though the concept may seem rather simple, in practice it can be tricky since there are so many types of information that can relate to your customers, users or employees.