Skip main navigation

Key concepts and definitions

The GDPR contains many concepts and definitions, such as personal data and the processing of these data. Watch Evgeni Moyakine explain more.

There are many concepts and definitions laid down in the GDPR that should be explained.

In accordance with Article 4(1) GDPR, the notion of “personal data” refers to any information relating to an identified or identifiable natural person called “a data subject”.

In the definition provided above, “any information” means any information, such names, genders, occupations and other types of data, that is available in different forms, including alphabetical, numerical and graphical, and is kept on paper or stored in computers or in any other manner.

“Relating to” means that certain information must relate to: in other words, it must be about that individual. The Article 29 Data Protection Working Party stressed that the information relates to an individual “if it refers to the identity, characteristics or behaviour of an individual or if such information is used to determine or influence the way in which that person is treated or evaluated”.

“An identified or identifiable natural person” or a data subject is a natural person that is regarded as “identified” within a certain group of people if he or she is distinguished from all the other group members. Article 4(1) GDPR states that a natural person is identifiable when it is possible to identify him or her, directly or indirectly, by reference to certain identifiers, such as a name, an identification number or location data, or one or more factors that are specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

In accordance with Article 4(2) GDPR, the “processing” of personal data refers to operation or operations performed on personal data or on sets of personal data, whether by automated means or not, such as collection, recording and structuring.

In the category of special or sensitive personal data addressed in Article 9 GDPR, one can find information revealing

  1. racial or ethnic origin,
  2. political opinions,
  3. religious or philosophical beliefs,
  4. trade union membership,
  5. genetic data,
  6. biometric data used to uniquely identify natural persons,
  7. health data,
  8. data concerning individuals’ sex life,
  9. sexual orientation.

We have addressed quite a lot of notions so far. Have you managed to remember them all?

This article is from the free online

Understanding the GDPR

Created by
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now