Personal Data 101


Since the introduction of GDPR in 2018, the use of the term ‘personal data’ has exploded. The term has been hyped on the news and social media, and you have probably had to change some practices in your workplace. Around that same time, you also received emails from every company you have dealt with informing you about how they process your personal data. We know that it can be confusing to know what personal data is and how to deal with it. In this blog post, we explain how it can be relevant to you, and what you can do to avoid personal data violations.

Personal Data

In the GDPR, ‘personal data’ means any information relating to an identified or identifiable person. This means that if the data can directly or indirectly lead to a specific person, then it can be classed as personal data.

It is also important to point out that this does not only apply to textual information; personal data can also take the form of photos, audio recordings, or videos of a person. To illustrate what a broad range of things can be considered personal data, here is a list that just scratches the surface:

As you can see, personal data can be almost anything about a person. Some personal data is more sensitive in nature and therefore requires a higher level of protection. Personal data can be classed as either general personal data or sensitive personal data.

General personal data vs. Sensitive personal data

Information such as name, gender, address and e-mail are considered ‘general’ personal data, whereas information about one’s political or religious beliefs, ethnic background, or membership in a trade union is considered ‘sensitive’ personal data.

Knowing what kind of information belongs in each category will seem obvious to some, but it can sometimes be difficult. To the surprise of some, social security numbers are actually considered general personal data, not sensitive. But as it turns out, some countries apply specific rules to this type of data, so it may as well be treated like sensitive personal data.

When working with personal data, you should be aware of which category it belongs in, because the GDPR has much stricter rules for the treatment of sensitive data. If unsure, the best thing to do is to talk to your Data Protection Advisor (DPO). Your next best option is an information officer in your company or the IT department.

Why is it important?

Because of the new regulations, the effort to catch the incorrect handling of personal data has increased. The same goes for the size of the fines, which can be up to 4% of a company’s global revenue. However, fines are not the only consequence of the insecure handling of personal data. It can also lead to identity theft, financial fraud, invasion of privacy, or have detrimental repercussions for your organization.

What can I do?

In this blog post, we provided some insight into what personal data is and why you need to be careful when handling it. Although it may seem daunting to incorporate changes into your habits and work routine, remembering three simple steps can go a long way:

  1. Be aware of when you process general or sensitive personal data. When it comes to sensitive personal data, you should pay extra attention. 
  2. Treat personal data as something you borrow. Take care of it, return it when finished, and do not lend it out to others. This means keeping it safe, deleting it when you are done, and never passing it on to other people.
  3. If you are in doubt about how personal data should be handled in your organization, ask the person in charge, e.g. your DPO.

Technical solutions are important for tackling issues within IT, but it is just as important for people in your organization to be aware and to handle data properly.

Employees’ knowledge and diligence are crucial for your IT security. CyberPilot offers awareness training which trains employees in IT security and good data processing. With our awareness training, you will achieve a higher level of security and secure a good foundation for compliance with the GDPR.
