What Data is Protected by GDPR – Everything you Need to Know


Daniel Green

Published June 27, 2023

Do you know what data is protected by GDPR? GDPR is legislation that secures our personal data given to any organisation. Know the data that GDPR protects.

You are leaving behind data trails whenever you share any personal information. But do you ever wonder if that data is protected? Don’t worry, GDPR is out there to impose data security laws to protect your data. But what data is protected by GDPR?

In this blog, we are going to learn what GDPR is, what data is protected by GDPR, and why.

What is GDPR?

We will jump into what data is protected by GDPR as soon as we understand how GDPR works. The General Data Protection Regulation, GDPR for short, is legislation and a guideline that secures and gives privacy to our personal data. This law ensures data security, especially for the citizens of the European Union. Its main goal is to protect the people of the EU from any kind of crime that occurs due to personal data breaches.

The GDPR does so by spreading awareness of people’s rights over their personal data and how to share it. It also enforces strict laws and principles on organisations that process the data of the people of the EU. Therefore, even if an organisation operates from another part of the world, it must abide by the GDPR to process the data of EU citizens.

GDPR defines terms and roles connected to personal data: 

  • Data subject: The person who owns personal data.
  • Data controller: The person or organisation that determines what personal data to collect and where and how to use it.
  • Data processors: The person or organisation processing personal data for the controller.

The European Parliament approved the GDPR legislation for data security and regulation on April 14, 2016. From May 25, 2018, it became fully effective EU-wide. GDPR replaced the EU Data Protection Directive of 1995. It works alongside the Data Protection Act (DPA) 2018 of the UK. The DPA 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

Due to technological advancement, there is an increase in cloud storage of mass data.  Without proper data protection, many crimes like identity theft, hacking of accounts, and other data violations are taking place. GDPR takes a strong stance against all kinds of personal data violations.

Purpose of GDPR

The main purpose of GDPR is to uphold and protect a strong and uniform data security law across the members of the EU. As a result, EU member states do not have to write their own data protection laws. Also, the data protection process will be consistent across all EU states.

GDPR laws also apply to companies and organisations outside the EU. Any company that markets its goods or services to the EU and has direct interaction with EU citizens must comply with GDPR rules and regulations. Therefore, GDPR has a global impact on data protection and privacy.

According to the new directive of the GDPR, businesses and organisations must handle personal data while maintaining transparency with data subjects. Moreover, under GDPR, companies can’t legally process any personally identifiable information (PII) without meeting six conditions. These six mandatory requirements of GDPR for privacy and data protection involve:

  1. No matter how big or small the company is or if they are recording personal data manually or using technology, there must be high-security measures to protect them.
  2. Taking consent from the data subject before processing their personal data.
  3. In order to protect the privacy of data, anonymise the data.
  4. Companies must be able to show compliance with a legal obligation.
  5. Ensuring safe transferring and processing of data across the border.
  6. Big companies handling complex and mass data of people must have a data protection officer to look over the company’s GDPR compliance.

Businesses must also expand the privacy rights of their data subjects. In case of any serious data breach detection, the organisation must notify everyone whose data might be in jeopardy. The GDPR mandates this process within 72 hours of breach detection. If businesses do not meet compliance, there are strict penalties for it.

What are the 7 Principles of GDPR? 

Companies and individuals must understand GDPR principles to understand what data is protected by GDPR. At the core of GDPR lies complete protection of the personal data of each and every individual of the EU. As a result, companies must follow seven principles when it comes to handling personal data. 

7 Principles of GDPR

According to GDPR law, if a company processes personal data, it must follow seven protection and accountability principles. Here are all seven principles.

  1. Lawfulness, Fairness, Transparency

The data processing has to be lawful, fair and clear to the data subject.

  2. Purpose Limitation

The company has to use the data only for the reason for which they took it.

  3. Data Minimisation

A company must collect and process only the personal data that is completely relevant to the reason the company is taking the data.

  4. Accuracy

The personal data must be correct and kept up to date.

  5. Storage Limitation

A company must only keep the data as long as it is necessary for the purpose.

  6. Integrity and Confidentiality

A company must process data in a way that ensures proper security, integrity and confidentiality.

  7. Accountability

The company or data controller must be able to demonstrate GDPR compliance with all the Principles.

What are Your Rights Under GDPR?

GDPR gives eight specific rights to every individual over the personal data that any organisation is using. These individual rights help to determine what data is protected by GDPR.

8 Individual Rights of Data Protection

The seven principles give you, the data subject, rights over your personal data whenever an organisation collects and processes it. These 8 data subject rights are:

  1. The right to be informed – An organisation must inform you before taking your data.
  2. The right of access – You can request access and see your personal data that any organisation is using.
  3. The right to rectification – You have the right to edit and rectify your data.
  4. The right to erasure – You can request to erase your personal data or be forgotten. 
  5. The right to restrict processing – You can put a restriction or deny processing your data.
  6. The right to data portability – You have the right to access and transfer your data.
  7. The right to object – You can object to data sharing and processing.
  8. Rights in relation to automated decision-making and profiling.

What Data is Protected Under GDPR?

Now to the main question: what data is protected under GDPR? The EU’s GDPR takes into consideration any personal data that can identify a person directly or indirectly. To be specific, personal data refers to any information that represents and identifies a real person, directly or indirectly.

GDPR explains the concept of personal data at a greater level. Moreover, the data protection of GDPR applies if the collection of data happens in either of these two ways:

  1. If the processing of personal data happens through automated means like information and electronic forms.
  2. If the personal data processing happens in a non-automated way, for example when the data forms part, or will form part, of a filing system, written records or a manual filing system.

What data is protected by GDPR falls under six main elements. These are the elements that GDPR takes into account to determine if the information is personal or not.

  1. Natural Person

First, GDPR does not consider data to be personal data if it relates to a non-existent person. Therefore, the data must belong to a legal or a living person.

  2. Objective and Subjective Information that Describes a Person

Secondly, any “objective” information, like height, age and physical features, and any “subjective” information, like employment evaluations, is personal data. This information can be in any specific format. Any video, audio, numerical, graphical, and photographic data may contain personal data.

  3. Incorrect Information

It is still personal data, even if it happens to be wrong. Whether the data is factually false or it actually belongs to another person, it is personal data as it applies to an identifiable person. However, if data is incorrect to the extent where a person is unidentifiable, it is not personal data.

  4. Identifiers

Fourthly, any information that can distinguish one person from another is personal data. Pieces of information like a name, an identification number, location data or an online identifier enable us to distinguish one person from another. Further examples of individual identifiers are:

  • Internet protocol (IP) addresses;
  • Cookie identifiers; and
  • Other identifiers, such as radio frequency identification (RFID) tags.

  5. Direct and Indirect Data

Data that points to a person directly or indirectly is also personal data. Indirect data is information that leads to direct information or to things that are specific to the person. Another form of indirect identification is when a third party uses your data and combines it with data they have access to in order to identify an individual.

  6. Personal Data in Relation to Identifiable Person

GDPR protects the data that identifies a person, even if it doesn’t have a name on it. This is because GDPR considers it personal data if someone processes it to learn more about the data subject.

Records that include information clearly about a specific person, like their medical history or criminal records, are also personal data. Records that provide information about an individual’s activity, such as a bank statement, may also qualify. Personal data is any information about a person that makes them identifiable.

Summary

Here’s a simplified answer to what data is protected by the GDPR:

  • Key identity information such as name, address and ID numbers
  • Web data such as location, IP address, cookie data and RFID tags
  • Health and genetic information
  • Biometric information
  • Racial or ethnic data, sexual orientation
  • Political opinions

As EU citizens, we have rights to our personal data. Moreover, company owners are liable for protecting our personal data. GDPR ensures all of these. We hope you got your answer to what data is protected by GDPR. If you have any confusion or want professional training, join our GDPR course.
