What Types of Data are Covered by GDPR?

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to all organizations that process personal data of individuals within the European Union (EU).

What is Personal Data?

Personal data is any information that can be used to identify an individual. This includes names, addresses, phone numbers, email addresses, IP addresses, and other types of data.

What is Sensitive Personal Data?

Sensitive personal data includes genetic data, biometric data, and data related to health, sex life, or sexual orientation.

What is Pseudonymized or Anonymized Data?

Pseudonymized or anonymized data is data that is not directly identifiable, but can be linked to an individual through other means.

What is Online Tracking Data?

Online tracking data includes cookies and IP addresses.

What are the Requirements for Collecting and Processing Personal Data?

Organizations must obtain explicit consent from individuals before collecting and processing their personal data. This includes obtaining consent for the collection and processing of sensitive personal data.

What are the Rights of Individuals under GDPR?

Individuals have the right to access, correct, and delete their personal data. They also have the right to be informed about how their personal data is being collected and processed.

What are the Responsibilities of Organizations under GDPR?

Organizations must implement appropriate security measures to protect personal data from unauthorized access, use, or disclosure. They must also report data breaches to the relevant authorities and notify individuals if their personal data has been compromised.

What are the Consequences of Non-Compliance with GDPR?

Organizations that fail to comply with GDPR may face fines of up to 4% of their global annual turnover or €20 million, whichever is greater.