Skip main navigation

New offer! Get 30% off your first 2 months of Unlimited Monthly. Start your subscription for just £35.99 £24.99. New subscribers only T&Cs apply

Find out more

Home / Business & Management / Big Data & Analytics / Understanding the GDPR / Key concepts and definitions

Key concepts and definitions

The GDPR contains many concepts and definitions, such as personal data and the processing of these data. Watch Evgeni Moyakine explain more.
View transcript
7
DR.
7
EVGENI MOYAKINE: There are some core concepts that need to be clarified beforehand in order to understand what the General Data Protection Regulation is about.
17.4
Personal data means any information relating to an identified or identifiable natural person, which is also called a data subject. This definition can be found in Article 4 of the GDPR. Let’s now, step by step, discuss the key elements of this definition. Any information is the first important, but very broad concept entailing literally any information, which can be a name, a gender, an occupation, an email address, health related information, and other types of data. This information can be available in different forms, alphabetical, numerical, graphical, photographical, acoustic, or in any other format, and be kept on paper or stored in computers, on videotapes, on CDs, or in any other manner. Another term that needs specification is relating to.
67.2
It means that certain information must relate to an individual, and it can be considered as relating to an individual when it is about that individual. In this regard, the Article 29, data protection working party, has provided some guidelines. This working party was established by the directive 95/46/EC which is the predecessor of the GDPR. It advises the European Commission on data protection issues and contributes to the development of harmonised policies on data protection in EU member states. According to the working party, the information relates to an individual if it refers to the identity, characteristics, or behaviour of an individual, or if such information is used to determine or influence the way in which that person is treated or evaluated.
115.9
The third key element of the definition of personal data is an identified or identifiable natural person. That is also referred to as data subject. A natural person can be seen as identified within a certain group of people if he or she is distinguished from all the other members of that group. The definition of an identifiable natural person is provided in Article 4 GDPR itself, which states that the natural person is identifiable when it is possible to identify him or her directly or indirectly by reference to certain identifiers.
149.5
These identifiers can be a name, an identification number, location data, an online identifier, or one or more factors that are specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. As it can be seen in the definition of personal data, the General Data Protection Regulation offers protection to natural persons or in other words, human beings. As explained by the Article 29, data protection working party in relation to the directive 95/46/EC these have to be living individuals, because information relating to dead people as such is not to be regarded as personal data. One might also be wondering, what do we mean by the processing of personal data?
197.5
As stated in Article 4 GDPR, processing entails operation or operations that are performed on personal data or on sets of personal data, whether by automated means or not. It can be not on the collection, recording, organisation, and structuring, but also use, disclosure by transmission, dissemination, and even erasure. Finally, it is important to note that there are certain types of personal data that belong to the category of special or sensitive personal data.
229.2
This is information that reveals the following: racial or ethnic origin, political opinions, religious or philosophical beliefs, and trade union membership. In addition to this group belong genetic data, biometric data used to uniquely identify a natural person, health data, data concerning a person’s sex life or his or her sexual orientation. Now you know more about the most significant notions introduced in the General Data Protection Regulation that are necessary for understanding its various aspects, and we can continue our intellectual journey with this knowledge in mind.

There are many concepts and definitions laid down in the GDPR that should be explained.

In accordance with Article 4(1) GDPR, the notion of “personal data” refers to any information relating to an identified or identifiable natural person called “a data subject”.

In the definition provided above, “any information” means any information, such names, genders, occupations and other types of data, that is available in different forms, including alphabetical, numerical and graphical, and is kept on paper or stored in computers or in any other manner.

“Relating to” means that certain information must relate to: in other words, it must be about that individual. The Article 29 Data Protection Working Party stressed that the information relates to an individual “if it refers to the identity, characteristics or behaviour of an individual or if such information is used to determine or influence the way in which that person is treated or evaluated”.

Want to keep
learning?

This content is taken from
University of Groningen online course,

Understanding the GDPR

View Course

“An identified or identifiable natural person” or a data subject is a natural person that is regarded as “identified” within a certain group of people if he or she is distinguished from all the other group members. Article 4(1) GDPR states that a natural person is identifiable when it is possible to identify him or her, directly or indirectly, by reference to certain identifiers, such as a name, an identification number or location data, or one or more factors that are specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

In accordance with Article 4(2) GDPR, the “processing” of personal data refers to operation or operations performed on personal data or on sets of personal data, whether by automated means or not, such as collection, recording and structuring.

In the category of special or sensitive personal data addressed in Article 9 GDPR, one can find information revealing

  1. racial or ethnic origin,
  2. political opinions,
  3. religious or philosophical beliefs,
  4. trade union membership,
  5. genetic data,
  6. biometric data used to uniquely identify natural persons,
  7. health data,
  8. data concerning individuals’ sex life,
  9. sexual orientation.

We have addressed quite a lot of notions so far. Have you managed to remember them all?

Want to keep learning?

This content is taken from University of Groningen online course
Understanding the GDPR
View Course
See other articles from this course
This article is from the online course:

Understanding the GDPR

Created by
Join Now
This article is from the free online

Understanding the GDPR

Created by
Join Now
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now

Register to receive updates

  • Create an account to receive our newsletter, course recommendations and promotions.

    Register for free