Re: GDPR - What is considered personal data? - Page 4

Francois1208 · ‎02-25-2018

Hi community,

I have a very practical question: Since the regulation defines personal data as “Any information relating to an identified or identifiable natural person…”, does it mean first + last name is considered personal data? Historically we identified PII as a combination of several elements like name + address or name + social. If first + last is indeed considered personal information under GDPR the impact is much more significant so we want to make sure we're addressing it appropriately.

I haven't been able to get a straight answer yet so I figured someone here might be able to help.

Thanks!

Early_Adopter · ‎02-26-2018

@TimG

I would say where you process the data really matters, but not for applicability of the legislation.

Processing GDPR Personal Data with no third country adequacy, no BCRs, model contracts etc - and the controller and processor are going down.

A quibble, but one I think that reinforces your point.

Caute_cautim · ‎02-26-2018

As the Economist states :The world's most valuable resource is no longer oil, it is data".

ttps://www.economist.com/news/leaders/21721656-data-economy-demands-new-approach-antitrust-rules-worlds-mos...

Gchanner65 · ‎03-07-2018

This is my understanding : the First name and Last name combine to create a single entity = Name - because name is not in itself a unique identifier it requires another primary element to constitute PII. there are instances where the actual name is unusual in its construct ( spelling, pronunciation etc.) but a secondary element is still required to make it identifiable - Happy for anyone to comment and disagree

DHerrmann · ‎03-08-2018

Don't forget your own employees. They certainly have a right to privacy under GDPR.