Skip main navigation
We use cookies to give you a better experience, if that’s ok you can close this message and carry on browsing. For more info read our cookies policy.
We use cookies to give you a better experience. Carry on browsing if you're happy with this, or read our cookies policy for more information.

Skip to 0 minutes and 8 secondsThere are some core concepts that need to be clarified beforehand in order to understand what the General Data Protection Regulation is about.

Skip to 0 minutes and 17 seconds"Personal data" means any information relating to an identified or identifiable natural person, which is also called a data subject. This definition can be found in Article 4 of the GDPR. Let's now step-by-step discuss the key elements of this definition. "Any information" is the first important, but very broad, concept entailing literally any information which can be a name, a gender, an occupation, an email address, health-related information, and other types of data. This information can be available in different forms-- alphabetical, numerical, graphical, photographical, acoustic, or in any other format, and be kept on paper or stored in computers, on videotapes, on CDs, or in any other manner. Another term that needs specification is "relating to".

Skip to 1 minute and 7 secondsIt means that certain information must relate to an individual, and it can be considered as relating to an individual when it is about that individual. In this regard, the Article 29-- Data Protection Working Party-- has provided some guidelines. This Working Party was established by the Directive 95/46/EC, which is the predecessor of the GDPR. It advises the European Commission on data protection issues and contributes to the development of harmonised policies on data protection in EU Member States. According to the Working Party, the information relates to an individual if it refers to the identity, characteristics, or behaviour of an individual, or if such information is used to determine or influence the way in which that person is treated or evaluated.

Skip to 1 minute and 56 secondsThe third key element of the definition of personal data is "an identified or identifiable natural person". That is also referred to as data subject. A natural person can be seen as identified within a certain group of people if he or she is distinguished from all the other members of that group. The definition of "an identifiable natural person" is provided in Article 4 GDPR itself, which states that a natural person is identifiable when it is possible to identify him or her, directly or indirectly, by reference to certain identifiers.

Skip to 2 minutes and 29 secondsThese identifiers can be a name, an identification number, location data, an online identifier, or one or more factors that are specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. As it can be seen in the definition of personal data, the General Data Protection Regulation offers protection to natural persons, or in other words, human beings. As explained by the Article 29-- Data Protection Working Party, in relation to the Directive 95/46/EC, these have to be living individuals, because information relating to dead people, as such, is not to be regarded as personal data.

Skip to 3 minutes and 13 secondsOne might also be wondering: what do we mean by the processing of personal data? As stated in Article 4 GDPR, processing entails operation or operations that are performed on personal data or on sets of personal data, whether by automated means or not. It can be not only collection, recording, organisation, and structuring, but also use, disclosure by transmission, dissemination, and even erasure. Finally, it is important to note that there are certain types of personal data that belong to the category of special or sensitive personal data. This is information that reveals the following-- racial or ethnic origin, political opinions, religious or philosophical beliefs, and trade union membership.

Skip to 4 minutes and 0 secondsIn addition, to this group belong genetic data, biometric data used to uniquely identify a natural person, health data, data concerning a person's sex life, or his or her sexual orientation. Now you know more about the most significant notions introduced in the General Data Protection Regulation that are necessary for understanding its various aspects, and we can continue our intellectual journey with this knowledge in mind.

Key concepts and definitions

There are many concepts and definitions laid down in the GDPR that should be explained.

In accordance with Article 4(1) GDPR, the notion of “personal data” refers to any information relating to an identified or identifiable natural person called “a data subject”.

In the definition provided above, “any information” means any information, such names, genders, occupations and other types of data, that is available in different forms, including alphabetical, numerical and graphical, and is kept on paper or stored in computers or in any other manner.

“Relating to” means that certain information must relate to: in other words, it must be about that individual. The Article 29 Data Protection Working Party stressed that the information relates to an individual “if it refers to the identity, characteristics or behaviour of an individual or if such information is used to determine or influence the way in which that person is treated or evaluated”.

“An identified or identifiable natural person” or a data subject is a natural person that is regarded as “identified” within a certain group of people if he or she is distinguished from all the other group members. Article 4(1) GDPR states that a natural person is identifiable when it is possible to identify him or her, directly or indirectly, by reference to certain identifiers, such as a name, an identification number or location data, or one or more factors that are specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

In accordance with Article 4(2) GDPR, the “processing” of personal data refers to operation or operations performed on personal data or on sets of personal data, whether by automated means or not, such as collection, recording and structuring.

In the category of special or sensitive personal data addressed in Article 9 GDPR, one can find information revealing

  1. racial or ethnic origin,
  2. political opinions,
  3. religious or philosophical beliefs,
  4. trade union membership,
  5. genetic data,
  6. biometric data used to uniquely identify natural persons,
  7. health data,
  8. data concerning individuals’ sex life,
  9. sexual orientation.

We have addressed quite a lof of notions so far. Have you managed to remember them all?

Share this video:

This video is from the free online course:

Understanding the General Data Protection Regulation

University of Groningen

Contact FutureLearn for Support