The term ” identified” is equated here with “determined.”And the term ” identifiable” with “determinable.”
In this context, companies should always ask themselves whether a given Identified or identifiable persons piece of information can be attributed to a specific person or whether this would be possible with additional information.
- A person is considered to be identified if the assignment of data is possible without detours and a direct connection can be established.
- If this is not possible directly, but with additional knowledge, the person is identifiable .
- You do not necessarily have to have this additional knowledge yourself; it can also come from third parties.
Violation of the GDPR? These are the sanctions you must expect
By the way:
- Especially in the case of people in sensitive positions, it latvia phone number library is often not possible to establish a personal connection.
- The same applies if the specific information is subject to religious, medical or legal confidentiality.
Download the GDPR checklist now for free
Personal data: What does it all include?
In principle, all data that can be used to establish such a personal reference falls under personal data.
Article 4 of the GDPRrefers to the assignment of a person:
…to an identifier such as a name, an identification number, location data, an online first determine the intended effect identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Classically, these include:
- name
- address
- Telephone numbers
- license plate
- Credit card numbers
- Account details and general financial data
- Online data such as IP address or email address
- Location data
- Personal data, including personnel number
- biometric data (such as facial recognition scans or video recordings)
- Health data or stored fingerprints
(e.g. recorded in the latest identity card)
The GDPR therefore covers all data that can be clearly identified. This means that Identified or identifiable facebook users persons physical data, such as appearance, also counts as personal data.
In addition, there are issues such as nationality or religious affiliation or membership in an association.
With anonymized data, the data subject is neither identified nor identifiable.
Or, if originally personal data has been anonymized to such an extent that identification is no longer possible,
it is not considered personal data .
This is the case, for example, in a political election.
But be careful:
So-called pseudonymized data falls under personal data as
soon as additional knowledge is available with the help of which the data could be assigned back to the original person.