Types of personal data, what is it?

Both in the Personal Data Inventory and the Data Protection Impact Assessment (DPIA), this question is asked. Read below explanations together with examples of what this could be.

ID document t.ex. ID-card, driving license, passport

This is data which has a strong identifier linked to an individual. It is normally issued by government authorities, police, banks, etc., often including biometric identifiers.

Contact information, e.g. name, telephone, email, address, etc.

This is data which can be directly linked to an individual.

Data created by an individual

e.g. photos taken by a customer, a cv sent in by a job candidate,  and documented opinions of employees in the course of their work.

Data about an individual (not created by the data subject)

Examples are: Feedback from customers on performance/behaviour of field sales/engineers. HR performance review documented data (objective and/or subjective) on an employee.

Data which can be linked to an individual

Data which has a weak identifier with an individual. This can include a customer's number, cookie, IP address, video footage.

De-identified data

e.g. customer data whereby the name and address has been replaced with pseudo-values which is reversible. Also referred to as pseudonymised data.

Public data

Personal data which has been obtained from public sources, e.g. scraping from social media websites, purchase from data brokers.

Anonymised data

e.g. data which has gone through several pseudonymisation techniques, e.g. de-identification, masking, obfuscation, in order to remove all links to an individual, and make this irreversible, i.e. impossible to reverse.